www.techrepublic.com Open in urlscan Pro
151.101.130.132  Public Scan

URL: https://www.techrepublic.com/article/new-bumblebee-malware-loader-increasingly-adopted-by-cyber-threat-groups/
Submission: On August 19 via api from DE — Scanned from DE

Form analysis 8 forms found in the DOM

/search/

<form action="/search/" class="search-bar">
  <label id="label-nav-site-search" for="nav-site-search"> Search </label>
  <input type="search" autocomplete="off" name="q" id="nav-site-search" value="" placeholder="What are you looking for?" required="">
  <button type="submit" disabled="disabled">
    <svg role="img" aria-labelledby="label-nav-site-search">
      <use href="#smart-search-icon"></use>
    </svg>
  </button>
</form>

POST https://www.techrepublic.com/article/new-bumblebee-malware-loader-increasingly-adopted-by-cyber-threat-groups/

<form method="POST" action="https://www.techrepublic.com/article/new-bumblebee-malware-loader-increasingly-adopted-by-cyber-threat-groups/">
  <input type="email" class="read-write" aria-label="Enter your email" name="join-signin-email" placeholder="Enter your email" autofocus="" required="">
  <input type="submit" value="Continue" class="btn-trigger">
</form>

POST https://www.techrepublic.com/article/new-bumblebee-malware-loader-increasingly-adopted-by-cyber-threat-groups/?tr-login=1

<form method="POST" action="https://www.techrepublic.com/article/new-bumblebee-malware-loader-increasingly-adopted-by-cyber-threat-groups/?tr-login=1">
  <input type="hidden" name="redirect_to" value="https://www.techrepublic.com/article/new-bumblebee-malware-loader-increasingly-adopted-by-cyber-threat-groups/">
  <input type="email" name="join-signin-email" value="" readonly="" required="" class="readonly">
  <input type="password" name="signin-pw" aria-label="Enter your password" placeholder="Enter your password" autofocus="" required="" class="read-write">
  <input id="submit-login" type="submit" value="Continue" class="btn-trigger">
</form>

POST

<form method="POST" id="forgot-pw">
  <input type="hidden" name="forgot-pw" value="1">
  <input type="hidden" name="join-signin-email" value="">
  <input type="submit" value="Forgot password" class="forgot-pw">
</form>

POST https://www.techrepublic.com/article/new-bumblebee-malware-loader-increasingly-adopted-by-cyber-threat-groups/?tr-login=1

<form action="https://www.techrepublic.com/article/new-bumblebee-malware-loader-increasingly-adopted-by-cyber-threat-groups/?tr-login=1" method="post">
  <input type="hidden" name="redirect_to" value="https://www.techrepublic.com/article/new-bumblebee-malware-loader-increasingly-adopted-by-cyber-threat-groups/">
  <input type="email" name="join-signin-email" value="" class="readonly" readonly="" required="">
  <input type="text" class="read-write" aria-label="Enter a username" name="username" value="" placeholder="Enter a unique username" required="">
  <input type="password" name="join-pw" class="read-write" autofocus="" aria-label="Choose a password" placeholder="Choose a password" required="">
  <select id="country" name="country" class="readonly" required="">
    <option value="NOTSELECTED">Country</option>
    <option value="US"> United States </option>
    <option value="AF"> Afghanistan </option>
    <option value="AX"> Aland Islands </option>
    <option value="AL"> Albania </option>
    <option value="DZ"> Algeria </option>
    <option value="AS"> American Samoa </option>
    <option value="AD"> Andorra </option>
    <option value="AO"> Angola </option>
    <option value="AI"> Anguilla </option>
    <option value="AQ"> Antarctica </option>
    <option value="AG"> Antigua And Barbuda </option>
    <option value="AR"> Argentina </option>
    <option value="AM"> Armenia </option>
    <option value="AW"> Aruba </option>
    <option value="AU"> Australia </option>
    <option value="AT"> Austria </option>
    <option value="AZ"> Azerbaijan </option>
    <option value="BS"> Bahamas </option>
    <option value="BH"> Bahrain </option>
    <option value="BD"> Bangladesh </option>
    <option value="BB"> Barbados </option>
    <option value="BY"> Belarus </option>
    <option value="BE"> Belgium </option>
    <option value="BZ"> Belize </option>
    <option value="BJ"> Benin </option>
    <option value="BM"> Bermuda </option>
    <option value="BT"> Bhutan </option>
    <option value="BO"> Bolivia </option>
    <option value="BA"> Bosnia and Herzegovina </option>
    <option value="BW"> Botswana </option>
    <option value="BV"> Bouvet Island </option>
    <option value="BR"> Brazil </option>
    <option value="IO"> British Indian Ocean Territory </option>
    <option value="BN"> Brunei Darussalam </option>
    <option value="BG"> Bulgaria </option>
    <option value="BF"> Burkina Faso </option>
    <option value="BI"> Burundi </option>
    <option value="KH"> Cambodia </option>
    <option value="CM"> Cameroon </option>
    <option value="CA"> Canada </option>
    <option value="CV"> Cape Verde </option>
    <option value="BQ"> Caribbean Netherlands </option>
    <option value="KY"> Cayman Islands </option>
    <option value="CF"> Central African Republic </option>
    <option value="TD"> Chad </option>
    <option value="CL"> Chile </option>
    <option value="CN"> China </option>
    <option value="CX"> Christmas Island </option>
    <option value="CC"> Cocos (Keeling) Islands </option>
    <option value="CO"> Colombia </option>
    <option value="KM"> Comoros </option>
    <option value="CG"> Congo </option>
    <option value="CD"> Congo, DROC </option>
    <option value="CK"> Cook Islands </option>
    <option value="CR"> Costa Rica </option>
    <option value="CI"> Cote D'ivoire </option>
    <option value="HR"> Croatia </option>
    <option value="CU"> Cuba </option>
    <option value="CW"> Curazao </option>
    <option value="CY"> Cyprus </option>
    <option value="CZ"> Czech Republic </option>
    <option value="DK"> Denmark </option>
    <option value="DJ"> Djibouti </option>
    <option value="DM"> Dominica </option>
    <option value="DO"> Dominican Republic </option>
    <option value="TL"> East Timor </option>
    <option value="EC"> Ecuador </option>
    <option value="EG"> Egypt </option>
    <option value="SV"> El Salvador </option>
    <option value="GQ"> Equatorial Guinea </option>
    <option value="ER"> Eritrea </option>
    <option value="EE"> Estonia </option>
    <option value="ET"> Ethiopia </option>
    <option value="FK"> Falkland Islands (Malvinas) </option>
    <option value="FO"> Faroe Islands </option>
    <option value="FJ"> Fiji </option>
    <option value="FI"> Finland </option>
    <option value="FR"> France </option>
    <option value="GF"> French Guiana </option>
    <option value="PF"> French Polynesia </option>
    <option value="TF"> French Southern Territories </option>
    <option value="GA"> Gabon </option>
    <option value="GM"> Gambia </option>
    <option value="GE"> Georgia </option>
    <option value="DE"> Germany </option>
    <option value="GH"> Ghana </option>
    <option value="GI"> Gibraltar </option>
    <option value="GR"> Greece </option>
    <option value="GL"> Greenland </option>
    <option value="GD"> Grenada </option>
    <option value="GP"> Guadeloupe </option>
    <option value="GU"> Guam </option>
    <option value="GT"> Guatemala </option>
    <option value="GG"> Guernsey </option>
    <option value="GN"> Guinea </option>
    <option value="GW"> Guinea-Bissau </option>
    <option value="GY"> Guyana </option>
    <option value="HT"> Haiti </option>
    <option value="HM"> Heard And Mc Donald Islands </option>
    <option value="VA"> Holy See (Vatican City State) </option>
    <option value="HN"> Honduras </option>
    <option value="HK"> Hong Kong </option>
    <option value="HU"> Hungary </option>
    <option value="IS"> Iceland </option>
    <option value="IN"> India </option>
    <option value="ID"> Indonesia </option>
    <option value="IR"> Iran (Islamic Republic Of) </option>
    <option value="IQ"> Iraq </option>
    <option value="IE"> Ireland </option>
    <option value="IM"> Isle of Man </option>
    <option value="IL"> Israel </option>
    <option value="IT"> Italy </option>
    <option value="JM"> Jamaica </option>
    <option value="JP"> Japan </option>
    <option value="JE"> Jersey </option>
    <option value="JO"> Jordan </option>
    <option value="KZ"> Kazakhstan </option>
    <option value="KE"> Kenya </option>
    <option value="KI"> Kiribati </option>
    <option value="KW"> Kuwait </option>
    <option value="KR"> Korea, Republic Of </option>
    <option value="XK"> Kosovo </option>
    <option value="KG"> Kyrgyzstan </option>
    <option value="LA"> Lao People's Democratic Republic </option>
    <option value="LV"> Latvia </option>
    <option value="KP"> Korea, Democratic People's Republic of </option>
    <option value="LB"> Lebanon </option>
    <option value="LS"> Lesotho </option>
    <option value="LR"> Liberia </option>
    <option value="LY"> Libyan Arab Jamahiriya </option>
    <option value="LI"> Liechtenstein </option>
    <option value="LT"> Lithuania </option>
    <option value="LU"> Luxembourg </option>
    <option value="MO"> Macau </option>
    <option value="MK"> Macedonia </option>
    <option value="MG"> Madagascar </option>
    <option value="MW"> Malawi </option>
    <option value="MY"> Malaysia </option>
    <option value="MV"> Maldives </option>
    <option value="ML"> Mali </option>
    <option value="MT"> Malta </option>
    <option value="MH"> Marshall Islands </option>
    <option value="MQ"> Martinique </option>
    <option value="MR"> Mauritania </option>
    <option value="MU"> Mauritius </option>
    <option value="YT"> Mayotte </option>
    <option value="MX"> Mexico </option>
    <option value="FM"> Micronesia, Federated States of </option>
    <option value="MD"> Moldova, Republic Of </option>
    <option value="MC"> Monaco </option>
    <option value="MN"> Mongolia </option>
    <option value="ME"> Montenegro </option>
    <option value="MS"> Montserrat </option>
    <option value="MA"> Morocco </option>
    <option value="MZ"> Mozambique </option>
    <option value="MM"> Myanmar </option>
    <option value="NA"> Namibia </option>
    <option value="NR"> Nauru </option>
    <option value="NP"> Nepal </option>
    <option value="NL"> Netherlands </option>
    <option value="AN"> Netherlands Antilles </option>
    <option value="NC"> New Caledonia </option>
    <option value="NZ"> New Zealand </option>
    <option value="NI"> Nicaragua </option>
    <option value="NE"> Niger </option>
    <option value="NG"> Nigeria </option>
    <option value="NU"> Niue </option>
    <option value="NF"> Norfolk Island </option>
    <option value="MP"> Northern Mariana Islands </option>
    <option value="NO"> Norway </option>
    <option value="OM"> Oman </option>
    <option value="PK"> Pakistan </option>
    <option value="PW"> Palau </option>
    <option value="PS"> Palestinian Territory, Occupied </option>
    <option value="PA"> Panama </option>
    <option value="PG"> Papua New Guinea </option>
    <option value="PY"> Paraguay </option>
    <option value="PE"> Peru </option>
    <option value="PH"> Philippines </option>
    <option value="PN"> Pitcairn </option>
    <option value="PL"> Poland </option>
    <option value="PT"> Portugal </option>
    <option value="PR"> Puerto Rico </option>
    <option value="QA"> Qatar </option>
    <option value="RE"> Reunion </option>
    <option value="RO"> Romania </option>
    <option value="RU"> Russia </option>
    <option value="RW"> Rwanda </option>
    <option value="GS"> S. Georgia And S. Sandwich Isles </option>
    <option value="BL"> Saint Barthelemy </option>
    <option value="KN"> Saint Kitts And Nevis </option>
    <option value="LC"> Saint Lucia </option>
    <option value="MF"> Saint Martin </option>
    <option value="VC"> Saint Vincent And The Grenadines </option>
    <option value="WS"> Samoa </option>
    <option value="SM"> San Marino </option>
    <option value="ST"> Sao Tome And Principe </option>
    <option value="SA"> Saudi Arabia </option>
    <option value="SN"> Senegal </option>
    <option value="RS"> Serbia </option>
    <option value="CS"> Serbia and Montenegro </option>
    <option value="SC"> Seychelles </option>
    <option value="SL"> Sierra Leone </option>
    <option value="SG"> Singapore </option>
    <option value="SX"> Sint Maarten </option>
    <option value="SK"> Slovakia </option>
    <option value="SI"> Slovenia </option>
    <option value="SB"> Solomon Islands </option>
    <option value="SO"> Somalia </option>
    <option value="ZA"> South Africa </option>
    <option value="SS"> South Sudan </option>
    <option value="ES"> Spain </option>
    <option value="LK"> Sri Lanka </option>
    <option value="SH"> St. Helena </option>
    <option value="PM"> St. Pierre And Miquelon </option>
    <option value="SD"> Sudan </option>
    <option value="SR"> Suriname </option>
    <option value="SJ"> Svalbard And Jan Mayen Islands </option>
    <option value="SZ"> Swaziland </option>
    <option value="SE"> Sweden </option>
    <option value="CH"> Switzerland </option>
    <option value="SY"> Syrian Arab Republic </option>
    <option value="TW"> Taiwan </option>
    <option value="TJ"> Tajikistan </option>
    <option value="TZ"> Tanzania, United Republic Of </option>
    <option value="TH"> Thailand </option>
    <option value="TG"> Togo </option>
    <option value="TK"> Tokelau </option>
    <option value="TO"> Tonga </option>
    <option value="TT"> Trinidad And Tobago </option>
    <option value="TN"> Tunisia </option>
    <option value="TR"> Turkey </option>
    <option value="TM"> Turkmenistan </option>
    <option value="TC"> Turks And Caicos Islands </option>
    <option value="TV"> Tuvalu </option>
    <option value="UM"> U.S. Minor Outlying Islands </option>
    <option value="UG"> Uganda </option>
    <option value="UA"> Ukraine </option>
    <option value="AE"> United Arab Emirates </option>
    <option value="GB"> United Kingdom </option>
    <option value="UY"> Uruguay </option>
    <option value="UZ"> Uzbekistan </option>
    <option value="VU"> Vanuatu </option>
    <option value="VE"> Venezuela </option>
    <option value="VN"> Viet Nam </option>
    <option value="VG"> Virgin Islands (British) </option>
    <option value="VI"> Virgin Islands (U.S.) </option>
    <option value="WF"> Wallis And Futuna Islands </option>
    <option value="EH"> Western Sahara </option>
    <option value="YE"> Yemen </option>
    <option value="YU"> Yugoslavia </option>
    <option value="ZM"> Zambia </option>
    <option value="ZW"> Zimbabwe </option>
  </select>
  <label for="tos">
    <input type="checkbox" name="tos" id="tos" required="">
    <span class="terms-of-service">
      <p>By registering, you agree to the <a href=" https://technologyadvice.com/terms-conditions/" target="_blank">Terms of Use</a> and acknowledge the data practices outlined in the
        <a href="https://technologyadvice.com/privacy-policy/" target="_blank">Privacy Policy</a>.</p>
      <p>You will also receive a complimentary subscription to TechRepublic's News and Special Offers newsletter and the Top Story of the Day newsletter. You may unsubscribe from these newsletters at any time.</p>
    </span>
  </label>
  <input id="submit-join" type="submit" value="Continue" class="btn-trigger">
</form>

POST

<form class="share-email-form" method="post">
  <input type="hidden" name="share-email-title" value="New Bumblebee malware loader increasingly adopted by cyber threat groups">
  <input type="hidden" name="share-email-url" value="https://www.techrepublic.com/article/new-bumblebee-malware-loader-increasingly-adopted-by-cyber-threat-groups/">
  <input type="email" name="from-email" class="read-write" placeholder="Your Email" required="">
  <input type="email" name="to-email" class="read-write" placeholder="Recipient Email" required="">
  <textarea name="msg" class="readonly">Check out this article I found on TechRepublic.</textarea>
  <input type="submit" value="Submit">
  <p class="response-msg">Your email has been sent</p>
</form>

POST

<form class="share-email-form" method="post">
  <input type="hidden" name="share-email-title" value="New Bumblebee malware loader increasingly adopted by cyber threat groups">
  <input type="hidden" name="share-email-url" value="https://www.techrepublic.com/article/new-bumblebee-malware-loader-increasingly-adopted-by-cyber-threat-groups/">
  <input type="email" name="from-email" class="read-write" placeholder="Your Email" required="">
  <input type="email" name="to-email" class="read-write" placeholder="Recipient Email" required="">
  <textarea name="msg" class="readonly">Check out this article I found on TechRepublic.</textarea>
  <input type="submit" value="Submit">
  <p class="response-msg">Your email has been sent</p>
</form>

POST

<form class="email-author-form" method="post">
  <input type="hidden" name="author_id" value="37114931">
  <input type="text" name="from-name" class="read-write" placeholder="Your Name" required="">
  <input type="email" name="from-email" class="read-write" placeholder="Your Email" required="">
  <input type="text" name="subject" class="read-write" placeholder="Subject" required="">
  <textarea name="msg" placeholder="Message" required="" class="read-write"></textarea>
  <input type="submit" value="Send Message">
  <p class="response-msg">Your message has been sent</p>
</form>

Text Content

WE VALUE YOUR PRIVACY

We and our partners store and/or access information on a device, such as cookies
and process personal data, such as unique identifiers and standard information
sent by a device for personalised ads and content, ad and content measurement,
and audience insights, as well as to develop and improve products. With your
permission we and our partners may use precise geolocation data and
identification through device scanning. You may click to consent to our and our
partners’ processing as described above. Alternatively you may access more
detailed information and change your preferences before consenting or to refuse
consenting. Please note that some processing of your personal data may not
require your consent, but you have a right to object to such processing. Your
preferences will apply to this website only. You can change your preferences at
any time by returning to this site or visit our privacy policy.
MORE OPTIONSAGREE
Skip to content



TECHREPUBLIC

Search Close
Search
 * Top Products Lists
 * Developer
 * 5G
 * Security
 * Cloud
 * Artificial Intelligence
 * Tech & Work
 * Mobility
 * Big Data
 * Innovation
 * Cheat Sheets
 * TechRepublic Academy
 * CES

Toggle TechRepublic mobile menu More
 * TechRepublic Premium
 * Top Products Lists
 * Developer
 * 5G
 * Security
 * Cloud
 * Artificial Intelligence
 * Tech & Work
 * Mobility
 * Big Data
 * Innovation
 * Cheat Sheets
 * TechRepublic Academy
 * CES
 * See All Topics

 * Sponsored
 * Newsletters
 * Forums
 * Resource Library

TechRepublic Premium
Join / Sign In


ACCOUNT INFORMATION

TechRepublic close modal


JOIN OR SIGN IN

Register for your free TechRepublic membership or if you are already a member,
sign in using your preferred method below.

Use Your Email
Use Facebook
Use Linkedin


JOIN OR SIGN IN



We recently updated our Terms and Conditions for TechRepublic Premium. By
clicking continue, you agree to these updated terms.


WELCOME BACK!



Invalid email/username and password combination supplied.




RESET PASSWORD

An email has been sent to you with instructions on how to reset your password.

Back to TechRepublic


WELCOME TO TECHREPUBLIC!

Country United States Afghanistan Aland Islands Albania Algeria American Samoa
Andorra Angola Anguilla Antarctica Antigua And Barbuda Argentina Armenia Aruba
Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium
Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Bouvet
Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina
Faso Burundi Cambodia Cameroon Canada Cape Verde Caribbean Netherlands Cayman
Islands Central African Republic Chad Chile China Christmas Island Cocos
(Keeling) Islands Colombia Comoros Congo Congo, DROC Cook Islands Costa Rica
Cote D'ivoire Croatia Cuba Curazao Cyprus Czech Republic Denmark Djibouti
Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial
Guinea Eritrea Estonia Ethiopia Falkland Islands (Malvinas) Faroe Islands Fiji
Finland France French Guiana French Polynesia French Southern Territories Gabon
Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam
Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard And Mc Donald Islands
Holy See (Vatican City State) Honduras Hong Kong Hungary Iceland India Indonesia
Iran (Islamic Republic Of) Iraq Ireland Isle of Man Israel Italy Jamaica Japan
Jersey Jordan Kazakhstan Kenya Kiribati Kuwait Korea, Republic Of Kosovo
Kyrgyzstan Lao People's Democratic Republic Latvia Korea, Democratic People's
Republic of Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein
Lithuania Luxembourg Macau Macedonia Madagascar Malawi Malaysia Maldives Mali
Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico
Micronesia, Federated States of Moldova, Republic Of Monaco Mongolia Montenegro
Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands
Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue
Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian
Territory, Occupied Panama Papua New Guinea Paraguay Peru Philippines Pitcairn
Poland Portugal Puerto Rico Qatar Reunion Romania Russia Rwanda S. Georgia And
S. Sandwich Isles Saint Barthelemy Saint Kitts And Nevis Saint Lucia Saint
Martin Saint Vincent And The Grenadines Samoa San Marino Sao Tome And Principe
Saudi Arabia Senegal Serbia Serbia and Montenegro Seychelles Sierra Leone
Singapore Sint Maarten Slovakia Slovenia Solomon Islands Somalia South Africa
South Sudan Spain Sri Lanka St. Helena St. Pierre And Miquelon Sudan Suriname
Svalbard And Jan Mayen Islands Swaziland Sweden Switzerland Syrian Arab Republic
Taiwan Tajikistan Tanzania, United Republic Of Thailand Togo Tokelau Tonga
Trinidad And Tobago Tunisia Turkey Turkmenistan Turks And Caicos Islands Tuvalu
U.S. Minor Outlying Islands Uganda Ukraine United Arab Emirates United Kingdom
Uruguay Uzbekistan Vanuatu Venezuela Viet Nam Virgin Islands (British) Virgin
Islands (U.S.) Wallis And Futuna Islands Western Sahara Yemen Yugoslavia Zambia
Zimbabwe

By registering, you agree to the Terms of Use and acknowledge the data practices
outlined in the Privacy Policy.

You will also receive a complimentary subscription to TechRepublic's News and
Special Offers newsletter and the Top Story of the Day newsletter. You may
unsubscribe from these newsletters at any time.

All fields are required. Username must be unique. Password must be a minimum of
6 characters and have any 3 of the 4 items: a number (0 through 9), a special
character (such as !, $, #, %), an uppercase character (A through Z) or a
lowercase (a through z) character (no spaces).

Loading


ACCOUNT INFORMATION

TechRepublic close modal
Image: iStockphoto/solarseven


NEW BUMBLEBEE MALWARE LOADER INCREASINGLY ADOPTED BY CYBER THREAT GROUPS

 * 
 * 
 * 


 * ACCOUNT INFORMATION
   
   TechRepublic close modal
   
   
   SHARE WITH YOUR FRIENDS
   
   New Bumblebee malware loader increasingly adopted by cyber threat groups
   
   Check out this article I found on TechRepublic.
   
   Your email has been sent

by Brian Stone in Security
on June 28, 2022, 3:00 AM PDT


NEW BUMBLEBEE MALWARE LOADER INCREASINGLY ADOPTED BY CYBER THREAT GROUPS

Conti, Quantum and Mountlocker were all linked to having used the new piece of
software to inject systems with ransomware.

Image: iStockphoto/solarseven

A recently uncovered malware loader called Bumblebee has been found to be
connected to a number of prominent ransomware groups and has been a key
component of many cyberattacks. New findings by the Symantec Threat Hunter Team,
part of Broadcom Software, discovered that the tool has links to threat groups
such as Conti, Quantum and Mountlocker, per the team’s blog entry.

According to Symantec’s Threat Hunter Team, the Bumblebee loader may have been
used as a replacement for Trickbot and BazarLoader, due to the overlap in recent
activity involving Bumblebee and older attacks linked to these loaders.

“[Bumblebee] appears to have replaced a number of older loaders, which suggests
that it is the work of established actors and that the transition to Bumblebee
was pre-planned,” the team wrote in its blog post.


HOW THE BUMBLEBEE LOADER BECOMES A THREAT


MUST-READ SECURITY COVERAGE

 * 85% of Android users are concerned about privacy
 * Almost 2,000 data breaches reported for the first half of 2022
 * In security, there is no average behavior
 * How to secure your email via encryption, password management and more
   (TechRepublic Premium)

One particular attack singled out by the team stemming from Quantum ransomware
detailed how the Bumblebee loader is put into practice. The initial infection
came through use of a spear-phishing email, which had an attachment of an ISO
file. The malicious file in question was equipped with a Bumblebee DLL file and
a LNK file, which then loaded the Bumblebee file using rundll32.exe.

The Bumblebee loader allegedly then contacted a command-and-control server
according to the team, and created a duplicate file within the %APPDATA% folder
with a randomized name. In conjunction with this, a VBS file was also created
within the same location. Then, the loader organized a scheduled task to run the
VBS file every 15 minutes. After a few hours had passed, the loader dropped a
Cobalt Strike payload. This action led to two additional points: One being that
Metasploit DLL was injected into a legitimate Windows process and the second
coming from an AdFind tool to collect system information such as domain users
and group permissions for the system.

After this task was completed, the Quantum ransomware was unloaded by Bumblebee,
allowing the ransomware group to encrypt files of the targeted system. Once in
the system, Quantum then was able to scrape the system for user information
using Windows Management Instrumentation. The ransomware payload also disabled
any processes related to malware identification.

SEE: Mobile device security policy (TechRepublic Premium)


BUMBLEBEE’S CONNECTION TO PREVIOUS ATTACKS

Due to Bumblebee’s use of the tools formerly mentioned, it is believed by the
Threat Hunter Team that there is a connection between the new loader and ones
used previously by cybercriminal groups. One such link comes from the use of
AdFind, a publicly available tool for querying Active Directory and having been
used by other adversaries in the past. The deployment of an ISO file with the
intent to infect a system was also the initial infection point for victims in
previous attacks, dating back as far as June of 2021 and used by threat groups
Ryuk and Conti.

Another link comes from the use of a batch script known as adf.bat. The batch
script has been tied to cyberattacks going back to November 2021, along with the
use of the AdFind tool in these attacks. In that case, the loader was determined
to be BazarLoader.

Many of the attacks being investigated by the Threat Hunter Team also found the
use of legitimate software tools within the attacks themselves. For
organizations employing remote desktop tools this can cause major issues, having
been linked to a number of ransomware deployments and data exfiltration
purposes. Symantec’s team recommends that users and enterprises be on the
lookout for this new malware loader and the capabilities it possesses.


CYBERSECURITY INSIDER NEWSLETTER

Strengthen your organization's IT security defenses by keeping abreast of the
latest cybersecurity news, solutions, and best practices.

Delivered Tuesdays and Thursdays
Sign up today
Brian Stone
Published:  June 28, 2022, 3:00 AM PDT Modified:  June 28, 2022, 6:13 AM PDT See
more Security


ALSO SEE

 * How to become a cybersecurity pro: A cheat sheet (TechRepublic)
 * EDR Software: Choosing the Best EDR Tools for Your Business (TechRepublic)
 * NIST Cybersecurity Framework: A cheat sheet for professionals (free PDF)
   (TechRepublic)
 * Cybersecurity and cyberwar: More must-read coverage (TechRepublic on
   Flipboard)

WHITE PAPERS, WEBCASTS, AND DOWNLOADS

PDF CONVERTER PRO: LIFETIME LICENSE

Tools & Templates from TechRepublic Academy
Give It A Try!

RASPBERRY PI & ARDUINO DEVELOPER BUNDLE

Training from TechRepublic Academy
Read More

PANDEMIC RESPONSE POLICY

Tools & Templates from TechRepublic Premium
View This Now

THE LINUX & DOCKER CODING BUNDLE

Training from TechRepublic Academy
Learn More

THE ULTIMATE LEARN TO CODE TRAINING (5 COURSES)

Training from TechRepublic Academy
View This Now



 * 
 * 
 * 


 * ACCOUNT INFORMATION
   
   TechRepublic close modal
   
   
   SHARE WITH YOUR FRIENDS
   
   New Bumblebee malware loader increasingly adopted by cyber threat groups
   
   Check out this article I found on TechRepublic.
   
   Your email has been sent

Share: New Bumblebee malware loader increasingly adopted by cyber threat groups
By Brian Stone
Brian is an award-winning journalist covering technology and the news behind it,
having written for both print and online outlets in his previous stops as a
writer.
 * 


 * ACCOUNT INFORMATION
   
   TechRepublic close modal
   
   
   CONTACT BRIAN STONE
   
   Your message has been sent

 * |
 * See all of Brian's content


 * Security


EDITOR'S PICKS

 * Image: Rawpixel/Adobe Stock
   TechRepublic Premium
   
   
   TECHREPUBLIC PREMIUM EDITORIAL CALENDAR: IT POLICIES, CHECKLISTS, TOOLKITS,
   AND RESEARCH FOR DOWNLOAD
   
   TechRepublic Premium content helps you solve your toughest IT issues and
   jump-start your career or next project.
   
   TechRepublic Staff
   Published:  August 5, 2022, 9:30 AM PDT Modified:  August 6, 2022, 7:23 PM
   PDT Read More See more TechRepublic Premium
 * Image: Adobe Stock
   Innovation
   
   
   GARTNER IDENTIFIES 25 EMERGING TECHNOLOGIES IN ITS 2022 HYPE CYCLE
   
   The technologies could enable immersive experiences, accelerated AI
   automation and optimized technologist delivery in the next two to 10 years,
   according to the firm.
   
   Esther Shein
   Published:  August 9, 2022, 8:56 AM PDT Modified:  August 9, 2022, 8:56 AM
   PDT Read More See more Innovation
 * Image: BillionPhotos.com/Adobe Stock
   CXO
   
   
   TOP 10 ERP VENDORS 2022
   
   Are you an IT manager or executive trying to make the case for a new ERP
   vendor? Compare the top ERP software solutions with our list today.
   
   Brenna Miles
   Published:  July 26, 2022, 8:30 AM PDT Modified:  July 30, 2022, 3:15 AM PDT
   Read More See more CXO
 * Image: Apple. At WWDC 2022, Apple announced the planned release of the next
   version of its Mac operating system, macOS Ventura, for the fall of 2022.
   Software
   
   
   MACOS 13 VENTURA CHEAT SHEET: COMPLETE GUIDE FOR 2022
   
   Learn about the new features available with macOS 13 and how to download and
   install the latest version of Apple’s flagship operating system.
   
   Erik Eckel
   Published:  July 12, 2022, 12:26 PM PDT Modified:  July 12, 2022, 2:38 PM PDT
   Read More See more Software
 * Image: elenabsl/Adobe Stock
   Software
   
   
   TOP TECHREPUBLIC ACADEMY TRAINING COURSES AND SOFTWARE OFFERINGS OF 2022
   
   Get great deals on developer and Linux training courses, Microsoft Office
   licenses and more through these TechRepublic Academy offerings.
   
   Brenna Miles
   Published:  July 15, 2022, 8:15 AM PDT Modified:  July 15, 2022, 8:15 AM PDT
   Read More See more Software
 * Image: iStock/phototechno
   Cloud
   
   
   MULTICLOUD EXPLAINED: A CHEAT SHEET
   
   This comprehensive guide covers the use of services from multiple cloud
   vendors, including the benefits businesses gain and the challenges IT teams
   face when using multicloud.
   
   Matt Asay
   Published:  August 10, 2022, 12:33 PM PDT Modified:  August 16, 2022, 7:07 AM
   PDT Read More See more Cloud




TECHREPUBLIC PREMIUM

 * TechRepublic Premium
   
   
   HOW TO RECRUIT AND HIRE A SCRUM MASTER
   
   Recruiting a Scrum Master with the right combination of technical expertise
   and experience will require a comprehensive screening process. This hiring
   kit provides a customizable framework your business can use to find, recruit
   and ultimately hire the right person for the job. This hiring kit from
   TechRepublic Premium includes a job description, sample interview questions
   ...
   
   Downloads
   Published:  August 5, 2022, 5:00 PM PDT Modified:  August 7, 2022, 4:00 AM
   PDT Read More See more TechRepublic Premium
 * TechRepublic Premium
   
   
   WEB 3.0 QUICK GLOSSARY
   
   Knowing the terminology associated with Web 3.0 is going to be vital to every
   IT administrator, developer, network engineer, manager and decision maker in
   business. This quick glossary will introduce and explain concepts and terms
   vital to understanding Web 3.0 and the technology that drives and supports
   it.
   
   Downloads
   Published:  August 4, 2022, 5:00 PM PDT Modified:  August 7, 2022, 1:00 AM
   PDT Read More See more TechRepublic Premium
 * TechRepublic Premium
   
   
   HOW TO RECRUIT AND HIRE A USER EXPERIENCE DESIGNER
   
   While the perfect color palette or the most sublime button shading or myriad
   of other design features play an important role in any product’s success,
   user interface design is not enough. Customer engagement and retention
   requires a strategic plan that attempts to measure, quantify and ultimately
   create a complete satisfying user experience on both an ...
   
   Published:  August 4, 2022, 5:00 PM PDT Modified:  August 7, 2022, 3:00 AM
   PDT Read More See more TechRepublic Premium
 * TechRepublic Premium
   
   
   INDUSTRIAL INTERNET OF THINGS: SOFTWARE COMPARISON TOOL
   
   IIoT software assists manufacturers and other industrial operations with
   configuring, managing and monitoring connected devices. A good IoT solution
   requires capabilities ranging from designing and delivering connected
   products to collecting and analyzing system data once in the field. Each IIoT
   use case has its own diverse set of requirements, but there are key
   capabilities and ...
   
   Downloads
   Published:  May 26, 2022, 5:00 PM PDT Modified:  May 28, 2022, 8:00 AM PDT
   Read More See more TechRepublic Premium


SERVICES

 * About Us
 * Newsletters
 * RSS Feeds
 * Site Map
 * Site Help & Feedback
 * FAQ
 * Advertise
 * Do Not Sell My Information


EXPLORE

 * Downloads
 * TechRepublic Forums
 * Meet the Team
 * TechRepublic Academy
 * TechRepublic Premium
 * Resource Library
 * Photos
 * Videos

 * TechRepublic
 * TechRepublic on Twitter
 * TechRepublic on Facebook
 * TechRepublic on LinkedIn
 * TechRepublic on Flipboard

© 2022 TechnologyAdvice. All rights reserved.
 * Privacy Policy
 * Terms of Use
 * Property of TechnologyAdvice