Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker

A new investigation has unearthed nearly 200 unique command-and-control C2 domains associated with a malware called Raspberry Robin. "Raspberry Robin also known as Roshtyak or Storm-0856 is a complex and evolving threat actor that provides initial access broker IAB services to numerous criminal...

PT-2024-5711

Name of the Vulnerable Software and Affected Versions Windows Common Log File System Driver versions prior to 10.0.10240.20751 Windows 10 versions 10.0.14393.7259 Windows 10 versions 10.0.17763.6189 Windows 10 versions 10.0.19044.4780 Windows 10 versions 10.0.19045.4780 Description This issue is ...

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach...

Raspberry Robin Expands Reach via WSF

...

Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files

Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files WSFs since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its...

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the...

Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks

Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems. These sophisticated attacks exploit a critical...

Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors

A surge in TrueBot activity was observed in May 2023, cybersecurity researchers disclosed. "TrueBot is a downloader trojan botnet that uses command and control servers to collect information on compromised systems and uses that compromised system as a launching point for further attacks," VMware'...

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...

New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors

A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin aka QNAP worm, attributed to a threat actor dubbed DEV-0856, is a...

New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors

A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin aka QNAP worm, attributed to a threat actor dubbed DEV-0856, is a...

Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe

Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically...

Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems

The Raspberry Robin worm has been used in attacks against telecommunications and government office systems across Latin America, Australia, and Europe since at least September 2022. "The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake...

Raspberry Robin Malware Targets Telecom, Governments

We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analyti...

Silence is golden partner for Truebot and Clop ransomware

A recent rise in the number of Truebot infections has been attributed to a threat actor known as the Silence Group. The Silence Group is an initial access broker IAB that frequently changes tools and tactics to stay on top of the game. An IAB's primary task is to find a weakness or vulnerability,...

Truebot exploits vulnerability in Netwrix to deploy Clop Ransomware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In 2017, Truebot was discovered to be linked to the Silence group and has affected more than 1,500 systems worldwide with shellcode, Cobalt Strike beacons, Grace malware, the Teleport tool, and Clop...

New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patche...

Breaking the silence - Recent Truebot activity

Since August 2022, we have seen an increase in infections of Truebot aka Silence.Downloader malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several...

CVE-2022-41073

Windows Print Spooler Elevation of Privilege Vulnerability Recent assessments: ccondon-r7 at December 29, 2022 11:52pm UTC reported: Evidently this is being used for privilege escalation in ransomware attacks when threat actors have initial access to systems through existing Raspberry Robin,...