Researchers Identify Approximately 200 Distinct C2 Domains Associated with Raspberry Robin Access Broker

Date: March 25, 2025

Cybersecurity researchers have identified nearly 200 unique command-and-control (C2) domains linked to the malware known as Raspberry Robin. Also tracked as Roshtyak and Storm-0856, the malware has evolved considerably since it was first observed in 2019, becoming a widely used tool for criminal groups, many of them based in Russia.

According to a Silent Push report shared with The Hacker News, Raspberry Robin operates as an initial access broker (IAB), providing footholds that are then used to deploy follow-on payloads such as Dridex, LockBit, and BumbleBee. The malware is also nicknamed the "QNAP worm" because it stages and delivers its payloads from compromised QNAP network-attached storage devices.

Recent investigations have also documented new distribution methods. Attack chains now use archives and Windows Script Files (WSF) sent via Discord, and the operators have acquired local privilege escalation (LPE) flaws before they were publicly disclosed. There are also indications that Raspberry Robin is run as a pay-per-install botnet for other threat actors.

Its best-known propagation method remains USB infection: infected drives carry a malicious Windows shortcut (LNK) file that launches the malware when the user opens it. U.S. government officials have linked the malware to Russian state-sponsored activity, specifically the actor tracked as Cadet Blizzard.

Silent Push, working with Team Cymru, identified a single IP address acting as a relay for the C2 infrastructure, with the compromised QNAP devices connecting through Tor relays, which makes attribution and takedown harder. The investigation also found fast-flux techniques used to rapidly rotate the IP addresses behind the C2 domains, complicating efforts by defenders to map and dismantle the infrastructure.
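To make the fast-flux behaviour described above concrete, here is an added illustration of how a defender can spot it in passive-DNS data. This is example code written for this edit, not tooling from Silent Push, Team Cymru, or The Hacker News; the records are constructed (RFC 5737 documentation addresses, private-use ASNs) and the thresholds are an assumption chosen to separate a fluxing domain from a legitimate CDN, which also rotates IPs with short TTLs but stays within one provider's network.

```python
"""Fast-flux heuristic over passive-DNS A records (constructed sample data)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class ARecord:
    domain: str
    ip: str
    ttl: int   # seconds, as returned in the DNS answer
    asn: int   # origin AS of the IP, as a passive-DNS feed would enrich it


# Constructed sample data: RFC 5737 documentation ranges and private-use ASNs.
# None of these are real Raspberry Robin indicators.
SAMPLE = [
    # A fluxing domain: many unrelated IPs across several /24s and ASNs, tiny TTLs.
    ARecord("cdn-sync.example", "192.0.2.10", 60, 64500),
    ARecord("cdn-sync.example", "198.51.100.7", 60, 64501),
    ARecord("cdn-sync.example", "203.0.113.22", 120, 64502),
    ARecord("cdn-sync.example", "192.0.2.200", 60, 64500),
    ARecord("cdn-sync.example", "198.51.100.99", 30, 64503),
    ARecord("cdn-sync.example", "203.0.113.140", 60, 64504),
    # An ordinary site: one IP, long TTL.
    ARecord("www.example", "192.0.2.50", 3600, 64510),
    # A legitimate CDN: several IPs and a short TTL, but one /24 and one ASN.
    ARecord("static.example", "198.51.100.10", 60, 64520),
    ARecord("static.example", "198.51.100.11", 60, 64520),
    ARecord("static.example", "198.51.100.12", 60, 64520),
    ARecord("static.example", "198.51.100.13", 60, 64520),
    ARecord("static.example", "198.51.100.14", 60, 64520),
]


def summarize(records):
    """Group A records per domain and compute the features fast-flux detection relies on."""
    by_domain = defaultdict(list)
    for r in records:
        by_domain[r.domain].append(r)
    features = {}
    for domain, rs in by_domain.items():
        features[domain] = {
            "ips": len({r.ip for r in rs}),
            # Distinct /24 prefixes: fluxing hosts are scattered, CDN nodes are clustered.
            "prefixes": len({str(ip_network(f"{r.ip}/24", strict=False)) for r in rs}),
            "asns": len({r.asn for r in rs}),
            "min_ttl": min(r.ttl for r in rs),
        }
    return features


def is_fast_flux(f, min_ips=5, min_prefixes=3, min_asns=2, max_ttl=300):
    """Thresholds are an assumption of this example, not a published standard.
    A domain is flagged when it spreads over many IPs in several /24s and
    ASNs with a short TTL; the ASN spread is what separates it from a CDN."""
    return (f["ips"] >= min_ips and f["prefixes"] >= min_prefixes
            and f["asns"] >= min_asns and f["min_ttl"] <= max_ttl)


def flag_fast_flux(records):
    """Return the sorted list of domains that match the heuristic."""
    return sorted(d for d, f in summarize(records).items() if is_fast_flux(f))


if __name__ == "__main__":
    for domain, f in summarize(SAMPLE).items():
        print(domain, f, "FAST-FLUX" if is_fast_flux(f) else "ok")
```

Run on the sample, only cdn-sync.example is flagged: static.example rotates five IPs on a 60-second TTL but all sit in one /24 and one ASN, which is what a real CDN looks like. In practice the records would come from a passive-DNS feed, and the ASN enrichment is what turns a TTL-and-count heuristic into something with a tolerable false-positive rate.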

As cyber threats continue to evolve, the case of Raspberry Robin serves as a stark reminder of the complex landscape businesses and individuals must navigate to safeguard their digital environments.
