Analysts at Red Canary Intelligence have recently spotted a Windows worm on hundreds of networks belonging to a wide range of organizations around the world.
Dubbed “Raspberry Robin” by the research team that discovered it, this worm spreads via infected USB devices and was initially spotted in September of last year (2021). Another firm, Sekoia, observed the worm even earlier, citing appearances of similar code strains on QNAP NAS devices as early as November of 2019.
So far, nothing is known about the threat group that created the worm. There’s nothing in the code that ties it definitively to any of the large, organized, active groups of hackers around the world. Although a code analysis reveals that it is quite advanced.
Although it has spread far and wide, and it is clearly capable of unleashing untold amounts of harm, the threat actors behind the worm have simply opted not to. At least not yet.
It is not known whether it’s because they wish to give the worm more time to spread before inflicting harm to maximize the impact of that harm, or because the group is still in early stages and is essentially testing its capabilities to see how far and how easily it will spread.
Given how little is known about the particulars and the theoretical capabilities of the worm, Microsoft tagged this as a high-risk threat. They stress that although the hackers have, not opted to use it to deploy additional malicious payloads so far, that could change at literally any time.
This is one to be on the lookout for. Make sure your IT staff are aware of it and on high alert. As additional details emerge about the worm and who might be behind it emerges, we’ll almost certainly have more to say about this latest threat.