
New Bumblebee Loader Infection Chain Signals Possible Resurgence

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A new infection chain for the Bumblebee loader has been discovered, which may indicate the malware's resurgence after the Operation Endgame takedown. Bumblebee, a downloader first identified in March 2022, is used by cybercriminals to gain initial access to corporate networks and to deliver follow-on payloads such as Cobalt Strike beacons and ransomware. The infection is believed to begin with a phishing email carrying a ZIP archive that contains an LNK file. When the LNK is opened, it starts a chain of events that downloads the Bumblebee payload and executes it in memory. The new chain uses MSI files disguised as Nvidia and Midjourney installers and takes a stealthier route than earlier campaigns: the payload is run without spawning a new process and without being written to disk, so detections that rely on child-process creation or on scanning dropped files have less to work with. This departure from previous campaigns shows how the tactics of the actors behind Bumblebee continue to evolve.
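The delivery stage described above (a ZIP attachment carrying an LNK, and MSI packages posing as legitimate installers) is something a mail gateway or SOC triage script can check for without detonating the sample. The following is an added example, not code from the original report or from any vendor tool. It inspects every member of a ZIP by file magic rather than by extension: a Windows shell link always starts with HeaderSize 0x4C followed by the fixed LinkCLSID, and an MSI package is an OLE compound file starting with D0 CF 11 E0 A1 B1 1A E1. The sample archive, its member names and the minimal LNK/MSI byte stubs are constructed inline purely for the demonstration and are not artifacts from the campaign.

```python
import io
import struct
import zipfile

# ShellLink header constants (MS-SHLLINK): HeaderSize is always 0x4C and
# LinkCLSID is {00021401-0000-0000-C000-000000000046}, serialized little-endian.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# OLE compound-file magic used by MSI packages (and other OLE2 files, e.g. legacy Office docs).
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def classify_bytes(data: bytes) -> str:
    """Return 'lnk', 'ole' or 'other' based on file magic, ignoring the file name."""
    if (len(data) >= 20
            and struct.unpack_from("<I", data, 0)[0] == LNK_HEADER_SIZE
            and data[4:20] == LNK_CLSID):
        return "lnk"
    if data[:8] == OLE_MAGIC:
        return "ole"
    return "other"


def triage_zip(zip_bytes: bytes) -> list:
    """Return a finding dict for every ZIP member that matches the lure pattern.

    Each finding has 'name', 'kind' and 'reasons'. Members that look benign
    (no LNK, no OLE/MSI, no extension tricks) produce no finding.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(64)          # magic lives in the first bytes
            kind = classify_bytes(head)
            name = info.filename
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            reasons = []
            if kind == "lnk":
                reasons.append("shell link (LNK) inside archive")
                if ext != "lnk":
                    reasons.append("LNK content with non-.lnk extension")
            if kind == "ole":
                reasons.append("OLE compound file (possible MSI) inside archive")
            if name.count(".") >= 2 and ext in ("lnk", "msi", "exe"):
                reasons.append("double extension")
            if reasons:
                findings.append({"name": name, "kind": kind, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a disguised LNK, an MSI-like OLE stub and a benign text file."""
    fake_lnk = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + b"\x00" * (LNK_HEADER_SIZE - 20)
    fake_msi = OLE_MAGIC + b"\x00" * 56
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.pdf.lnk", fake_lnk)     # hypothetical lure name
        zf.writestr("NvidiaSetup.msi", fake_msi)     # hypothetical lure name
        zf.writestr("readme.txt", b"nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample_zip()):
        print(f["name"], f["kind"], "; ".join(f["reasons"]))
```

Checking magic rather than extension matters because the LNK in a lure is often named to look like a document, and Explorer hides the .lnk suffix by default. The OLE check deliberately flags any compound file, so expect benign hits from old-format Office documents; treat it as a triage signal to combine with sender reputation and sandboxing, not as a verdict on its own.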

OPENCTI LABELS:

cobalt strike,phishing,pikabot,lnk,bumblebee,loader,darkgate,icedid,msi,latrodectus,stealth,infection-chain,in-memory-execution



