The telecommunications and government sectors across multiple countries were targeted with variants from the Raspberry Robin malware family.
The malicious software initially arrives as a shortcut or LNK file on an infected USB device.
Raspberry Robin is packed multiple times with more than ten layers of obfuscation to prevent analysis and will also drop a fake payload if sandboxing and security analytics tools are detected.