New malware loader Bumblebee adopted by known ransomware access brokers

Read Time:35 Second

Several threat groups believed to be initial access facilitators for some ransomware gangs are transitioning to a new first-stage malware downloader dubbed Bumblebee. The groups previously used other downloaders like BazaLoader and IcedID.

According to researchers from security firm Proofpoint, Bumblebee email-based distribution campaigns started in March and were linked back to at least three known attack groups. The malware is used to deploy known penetration testing implants such as Cobalt Strike, Sliver and Meterpreter. Attackers have adopted these attack frameworks and other open-source dual-use tools in recent years to engage in hands-on manual hacking and lateral movement through victim networks.

To read this article in full, please click here

Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing

WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit

Precision-Validated Phishing Elevates Credential Theft Risks

Ransomware Attacks Hit All-Time High as Payoffs Dwindle

How to Leak to a Journalist

Three-Quarters of IT Leaders Fear Nation-State AI Cyber Threats

Microsoft Fixes Over 130 CVEs in April Patch Tuesday

NCSC Warns of Spyware Targeting Chinese and Taiwanese Diaspora

Patch Tuesday, April 2025 Edition