Bumblebee malware loader emerges as Conti’s BazarLoader fades

A sophisticated malware loader dubbed Bumblebee is being used by at least three cybercriminal groups that have links to ransomware gangs, according to cybersecurity researchers. Gangs using Bumblebee have in the past used the BazarLoader and IcedID loaders – linked Read More …

Hackers use Conti’s leaked ransomware to attack Russian companies

A hacking group used the Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Read More …

Exotic Lily: Exposing initial access broker with ties to Conti

In early September 2021, Threat Analysis Group (TAG) observed a financially motivated threat actor we refer to as EXOTIC LILY, exploiting a 0day in Microsoft MSHTML (CVE-2021-40444). Investigating this group’s activity, we determined they are an Initial Access Broker (IAB) Read More …

Corporate website contact forms used to spread BazarBackdoor malware

The stealthy BazarBackdoor malware is now being spread via website contact forms rather than typical phishing emails to evade detection by security software. BazarBackdoor is a stealthy backdoor malware created by the TrickBot group and is now under development by Read More …

TrickBot malware operation shuts down, devs move to stealthier malware

The TrickBot malware operation has shut down after its core developers move to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families. TrickBot is a notorious Windows malware infection that has dominated the threat Read More …