Microsoft reveals possible link between Raspberry Robin and Russian cybercrime group Evil Corp
Microsoft revealed on Friday a possible link between the Raspberry Robin USB-based worm and the infamous Russian cybercrime group Evil Corp.
On July 26, 2022, the tech giant observed the FakeUpdates malware being delivered via existing Raspberry Robin infections.
The disclosure is the first evidence of the threat actor’s post-exploitation activities.
According to Microsoft, the group’s use of a RaaS payload is most likely an attempt by DEV-0243 to avoid attribution.
It’s too soon to tell if Evil Corp is behind or associated with Raspberry Robin.
As a result, untangling the relationships between malware families and observed activity can be difficult.