Threat actors associated with the malware families IcedID, TrickBot, and BazarLoader are increasingly turning to the Bumblebee malware to breach target networks, researchers say. The breaches are followed by post-exploitation activity aimed at collecting sensitive information. On Thursday, Cybereason published an advisory on Bumblebee detailing the nature of the tool and the way in which it is used. Cybereason stated that it observed threat actors who frequently use other malware transitioning to Bumblebee.
The majority of Bumblebee infections documented by Cybereason start with end-users executing LNK files. These shortcut files use a system binary to load the malware onto the victim's machine. The operators then conduct reconnaissance and begin executing commands to exfiltrate files. Cybereason stated that the attacks are very aggressive, and that organizations and individuals should therefore treat Bumblebee as a critical threat.
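A minimal detection heuristic for the chain described above (a shortcut launched from the desktop shell, a system binary loading a payload from a user-writable path), added here as an illustration and not code from Cybereason or the article. The list of loader binaries, the path patterns and the sample events are assumptions constructed for the example; the article does not name which system binary the LNK files use.

```python
import re

# Assumption (not from the article): system binaries commonly abused to load a
# DLL or script. Tune this set to what your environment actually sees.
LOADER_BINARIES = {"rundll32.exe", "regsvr32.exe", "odbcconf.exe", "mshta.exe"}

# Payload sitting in a user-writable location (profile Downloads/AppData, or a Temp dir).
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\(Downloads|AppData)|Temp)\\", re.I)


def is_suspicious(event):
    """True when the desktop shell (what launches a double-clicked LNK) spawns a
    loader binary whose command line points at a user-writable payload path."""
    parent = event["ParentImage"].rsplit("\\", 1)[-1].lower()
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    if parent != "explorer.exe" or image not in LOADER_BINARIES:
        return False
    return bool(USER_WRITABLE.search(event["CommandLine"]))


def flag_events(events):
    """Return the ids of process-creation events matching the heuristic."""
    return [e["EventId"] for e in events if is_suspicious(e)]


# Constructed sample events in a Sysmon-like shape (not real telemetry).
SAMPLE_EVENTS = [
    {"EventId": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\docs.dll,Start"},
    {"EventId": 2, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},  # benign system use
    {"EventId": 3, "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    {"EventId": 4, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\alice\Downloads\invoice.dll"},
]

if __name__ == "__main__":
    print(flag_events(SAMPLE_EVENTS))  # [1, 4]
```

Explorer launching rundll32 is also normal Windows behaviour (event 2), so the user-writable path check is what keeps the rule from firing on every Control Panel applet.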
Read More: Hackers Deploy Bumblebee Loader to Breach Target Networks