CISCO identified an increased infection of Truebot malware, with a high possibility of its association with the Evil Corp threat actor. CISCO also found that attackers shifted their malicious delivery methods among various techniques. In October 2022, many infections used Raspberry Robin, a recent malware spread through USB drives, as a delivery vector. One of these attacks had a fully featured custom data exfiltration tool named Teleport, which was used to steal information. So far, two Truebot botnets have been identified. The first is distributed online, focusing on Mexico, Pakistan, and Brazil. In contrast, the second mainly focuses on the USA and is almost exclusively composed of Windows servers.