Summary: A recent investigation has identified nearly 200 unique command-and-control (C2) domains tied to Raspberry Robin, a complex malware family whose operators act as an initial access broker for various criminal groups, many of them linked to Russia. The malware is used to deliver other malicious strains and spreads through multiple distribution methods, including infected USB drives and Discord file attachments. Its infrastructure is built to evade detection through rapid domain rotation (fast flux) and the use of Tor relays within the C2 infrastructure.
Affected: Systems infected by Raspberry Robin, and the downstream victims of the criminal groups (many Russia-linked) that obtain initial access through it
Key points:
- Nearly 200 unique C2 domains associated with Raspberry Robin have been discovered.
- Its operators act as an initial access broker for other malicious actors, many of them linked to Russian crime groups.
- Propagation methods include infected USB drives and Discord file attachments; the C2 infrastructure uses fast flux (rapid domain rotation) and Tor relays to evade detection.
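The fast-flux behaviour mentioned above is something a defender can look for in their own DNS telemetry. The following Python is an added example, not code from the article or from the researchers it reports on: it takes passive-DNS style records (domain, observation time, A-record answer, TTL) and flags domains that keep resolving to new addresses in new /24 networks with short TTLs. The sample records, the domain names, the addresses (RFC 5737 test ranges) and the thresholds are all constructed assumptions for illustration.

```python
"""Fast-flux heuristic over passive-DNS style records.

Added example, not from the article or the underlying research. The
records, domains, addresses and thresholds below are constructed
assumptions chosen to illustrate the technique.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class DnsRecord:
    ts: int        # epoch seconds when this answer was observed
    domain: str
    ip: str        # A-record answer
    ttl: int       # TTL on the answer, in seconds


# Constructed sample data (hypothetical domains, RFC 5737 test addresses).
SAMPLE_RECORDS: List[DnsRecord] = [
    # Hypothetical fast-flux style domain: a new address, often in a new
    # /24, every few minutes, with very short TTLs.
    DnsRecord(1000, "c2-flux.example", "192.0.2.10", 60),
    DnsRecord(1300, "c2-flux.example", "198.51.100.7", 60),
    DnsRecord(1600, "c2-flux.example", "203.0.113.22", 30),
    DnsRecord(1900, "c2-flux.example", "192.0.2.200", 30),
    DnsRecord(2200, "c2-flux.example", "198.51.100.99", 60),
    # Ordinary domain: one stable answer, long TTL.
    DnsRecord(1000, "www.static.example", "203.0.113.5", 3600),
    DnsRecord(4600, "www.static.example", "203.0.113.5", 3600),
    # Round-robin style domain: several addresses, but all in one /24.
    DnsRecord(1000, "cdn.example", "203.0.113.1", 60),
    DnsRecord(1200, "cdn.example", "203.0.113.2", 60),
    DnsRecord(1400, "cdn.example", "203.0.113.3", 60),
    DnsRecord(1600, "cdn.example", "203.0.113.4", 60),
]

# Assumed thresholds; tune against your own baseline before relying on them.
FLUX_RULE = {"min_nets": 3, "max_ttl": 300, "min_ips_per_hour": 3.0}


def domain_features(records: Iterable[DnsRecord]) -> Dict[str, Dict[str, float]]:
    """Aggregate per-domain features that distinguish fast flux from stable DNS."""
    by_domain = defaultdict(list)
    for rec in records:
        by_domain[rec.domain].append(rec)

    feats: Dict[str, Dict[str, float]] = {}
    for domain, recs in by_domain.items():
        ips = {r.ip for r in recs}
        # /24 prefix as the first three packed bytes; a cheap stand-in for
        # ASN diversity when no ASN data is available offline.
        nets = {ip_address(r.ip).packed[:3] for r in recs}
        span = max(r.ts for r in recs) - min(r.ts for r in recs)
        # Treat anything observed for under an hour as one hour so that a
        # single observation cannot produce an inflated churn rate.
        hours = max(span, 3600) / 3600
        feats[domain] = {
            "distinct_ips": len(ips),
            "distinct_nets": len(nets),
            "min_ttl": min(r.ttl for r in recs),
            "ips_per_hour": len(ips) / hours,
        }
    return feats


def is_fast_flux(f: Dict[str, float], rule: Dict[str, float] = FLUX_RULE) -> bool:
    """All three conditions must hold: network diversity, low TTL, high churn."""
    return (
        f["distinct_nets"] >= rule["min_nets"]
        and f["min_ttl"] <= rule["max_ttl"]
        and f["ips_per_hour"] >= rule["min_ips_per_hour"]
    )


def flag_domains(records: Iterable[DnsRecord]) -> List[str]:
    """Return the sorted list of domains whose features look fast-flux-like."""
    return sorted(d for d, f in domain_features(records).items() if is_fast_flux(f))


if __name__ == "__main__":
    for domain, f in domain_features(SAMPLE_RECORDS).items():
        print(domain, f, "FLUX" if is_fast_flux(f) else "ok")
```

Run against the constructed records only `c2-flux.example` is flagged: `www.static.example` fails on every feature, and `cdn.example` has low TTLs and several addresses but no /24 diversity, which is the usual shape of round-robin or CDN-fronted domains. That last case is the main false-positive source for this kind of heuristic in practice, so pair it with an allowlist of known CDNs and corroborating signals (newly registered domains, unusual TLDs, traffic from endpoints with USB activity) rather than blocking on the score alone.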
Source: https://thehackernews.com/2025/03/researchers-uncover-200-unique-c2.html