Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks.
An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to the group – most likely the latter. That’s according to Check Point Research (CPR) which has tracked how long it takes for vulnerability exploits to be added as features to the malware.
In 2022, Raspberry Robin added exploits for vulnerabilities that were up to 12 months old, such as CVE-2021-1732, but this has quickly switched to those less than a month old, like CVE-2023-36802.