The Raspberry Robin worm is incorporating one-day exploits almost as soon as they’re developed, in order to improve its privilege escalation capabilities.
Researchers from Check Point suspect that the developers behind the initial access tool are contracting with Dark Web exploit traffickers, allowing them to quickly incorporate new exploits for obtaining system-level privileges before such exploits are disclosed to the public, and before many affected organizations have gotten around to patching their associated vulnerabilities.
“It’s a very powerful piece of the program that gives the attacker much more ability in terms of evasion, and performing higher-privileged actions than they could in any other scenario,” explains Eli Smadja, group manager for Check Point.
Raspberry Robin: Incorporating Exploits Faster Now
Raspberry Robin was first discovered in 2021, and outed in a Red Canary blog post the following year. In the time since, its developers have become much more proactive,…