
Hackers Using Bumblebee Loader to Compromise Active Directory Services

by crpt os


The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities.

“Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration,” Cybereason researchers Meroujan Antonyan and Alon Laufer said in a technical write-up.


Bumblebee first came to light in March 2022 when Google’s Threat Analysis Group (TAG) unmasked the activities of an initial access broker dubbed Exotic Lily with ties to the TrickBot and the larger Conti collectives.

Bumblebee malware loader

The loader is typically delivered through spear-phishing campaigns, but the operators' modus operandi has since shifted away from macro-laced documents in favor of ISO and LNK files, primarily in response to Microsoft's decision to block macros by default.

Bumblebee malware loader

“Distribution of the malware is done by phishing emails with an attachment or a link to a malicious archive containing Bumblebee,” the researchers said. “The initial execution relies on the end-user execution which has to extract the archive, mount an ISO image file, and click a Windows shortcut (LNK) file.”

The LNK file, for its part, contains the command to launch the Bumblebee loader, which is then used as a conduit for next-stage actions such as persistence, privilege escalation, reconnaissance, and credential theft.


Once elevated privileges have been obtained on infected endpoints, the Cobalt Strike adversary simulation framework is also deployed, enabling the threat actor to move laterally across the network. Persistence is achieved by deploying AnyDesk remote desktop software.

In the incident analyzed by Cybereason, the stolen credentials of a highly privileged user were subsequently used to seize control of Active Directory and to create a local user account for data exfiltration.

“The time it took between initial access and Active Directory compromise was less than two days,” the cybersecurity firm said. “Attacks involving Bumblebee must be treated as critical, […] and this loader is known for ransomware delivery.”
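The chain described above (a shortcut on a mounted ISO launching the loader, reconnaissance commands whose output is redirected to files, and AnyDesk dropped for persistence) can be hunted for in process-creation telemetry. The following detection pass is an added example written for this page; it is not code from Cybereason or from the write-up. It assumes a simplified Sysmon-like event shape (Host, Image, ParentImage, CommandLine), that the OS lives on C: so a mounted ISO appears under another drive letter, and that the sample events, the placeholder path `D:\loader_placeholder.exe`, and the list of enumeration tools are all constructed for illustration.

```python
import re
from collections import defaultdict

SYSTEM_DRIVE = "C:"  # assumption: the OS volume; a mounted ISO gets another letter

# Assumption: built-in enumeration tools whose redirected output is worth a look.
RECON_TOOLS = {"whoami", "net", "net1", "nltest", "ipconfig", "systeminfo",
               "tasklist", "netstat", "nslookup", "quser"}

REDIRECT_RE = re.compile(r"\s>{1,2}\s*\S")   # "cmd > file" or "cmd >> file"
DRIVE_RE = re.compile(r"\b([A-Za-z]:)\\")    # drive letters used in a path


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def stages_for(ev):
    """Return the chain stages one process-creation event matches."""
    stages = []
    image = _basename(ev["Image"])
    parent = _basename(ev["ParentImage"])
    cmd = ev["CommandLine"]

    # Stage 1, delivery: explorer.exe resolves a double-clicked LNK, and a
    # mounted ISO shows up as a new drive letter, so explorer spawning an
    # executable from a non-system drive matches "mount ISO, click LNK".
    # Removable USB media match too; that is the false positive to triage.
    drives = {d.upper() for d in DRIVE_RE.findall(ev["Image"] + " " + cmd)}
    if parent == "explorer.exe" and drives - {SYSTEM_DRIVE}:
        stages.append("delivery:iso-lnk")

    # Stage 2, reconnaissance: an enumeration tool with its output sent to a file.
    tokens = set(re.findall(r"[a-z0-9]+", cmd.lower()))
    if tokens & RECON_TOOLS and REDIRECT_RE.search(cmd):
        stages.append("recon:redirected-output")

    # Stage 3, persistence: AnyDesk launched where the organisation does not sanction it.
    if image.startswith("anydesk"):
        stages.append("persistence:anydesk")
    return stages


def assess(events):
    """Group stage hits per host; delivery followed by any later stage is
    rated critical, which is how the write-up says Bumblebee must be treated."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["Host"]].update(stages_for(ev))
    report = {}
    for host, stages in per_host.items():
        kinds = {s.split(":")[0] for s in stages}
        if "delivery" in kinds and len(kinds) > 1:
            severity = "critical"
        elif stages:
            severity = "review"
        else:
            severity = "none"
        report[host] = {"stages": sorted(stages), "severity": severity}
    return report


# Constructed sample events (not real telemetry from the incident).
SAMPLE_EVENTS = [
    {"Host": "WS01", "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": r"C:\Windows\Explorer.EXE"},
    {"Host": "WS01", "Image": r"D:\loader_placeholder.exe",          # placeholder name
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"D:\loader_placeholder.exe"},
    {"Host": "WS01", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"D:\loader_placeholder.exe",
     "CommandLine": r"cmd.exe /c whoami /all > C:\ProgramData\out1.txt"},
    {"Host": "WS01", "Image": r"C:\Windows\System32\cmd.exe",         # no redirect: benign
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"cmd.exe /c ipconfig /all"},
    {"Host": "WS01", "Image": r"C:\Users\user\Downloads\AnyDesk.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"AnyDesk.exe"},
    {"Host": "WS02", "Image": r"E:\Setup.exe",                         # USB install: review only
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"E:\Setup.exe"},
]

if __name__ == "__main__":
    for host, result in assess(SAMPLE_EVENTS).items():
        print(host, result["severity"], result["stages"])
```

WS01 shows all three stages and is rated critical; WS02 only shows an executable started from a non-system drive, which a USB installer also produces, so it is left at "review" for an analyst to confirm. The stage rules are deliberately coarse so they fit in one script; in production the drive-letter check would be correlated with a volume-mount event, and the AnyDesk rule with the organisation's software inventory.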




