Microsoft found Rasberry Robin worm to be part of a complex and interconnected malware ecosystem
Microsoft found that the malware distribution platform, Rasberry Robin worm, is ‘part of a larger malware ecosystem with links to other malware families and alternate infection methods beyond its USB drive spread’. Microsoft Defender for Endpoint data found that approximately 3,000 devices in almost 1,000 organizations have been affected by the malware in the last 30 days. The complexity of the infection chain is so strong that two hosts can be infected simultaneously, Microsoft stated. Evidence shows that multiple components are involved in the attack, making it challenging to differentiate them as hackers have complex mechanisms to protect the malware at each stage. So far, Microsoft has identified at least four confirmed entry vendors linked to hands-on-keyboard by the hackers. Mitigation guidelines for users have been provided by Microsoft to limit the spread of malware.