Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem


Bumblebee, a recently developed malware loader, has quickly become a key component in a wide range of cyber-crime attacks and appears to have replaced a number of older loaders, which suggests that it is the work of established actors and that the transition to Bumblebee was pre-planned.

By analysis of three other tools used in recent attacks involving Bumblebee, Symantec’s Threat Hunter team, a part of Broadcom Software, has linked this tool to a number of ransomware operations including Conti, Quantum, and Mountlocker. The tactics, techniques, and procedures (TTPs) used in these older attacks support the hypothesis that Bumblebee may have been introduced as a replacement loader for Trickbot and BazarLoader, since there is some overlap between recent activity involving Bumblebee and older attacks linked to these loaders.

Read more…
Source: Symantec