Proofpoint researchers have detected the resurgence of the Bumblebee malware in the cyber threat landscape, marking its return after a four-month absence. The sophisticated downloader was extensively used from March 2022 through October 2023 before it disappeared.

Details of the recent campaign

Researchers observed several thousand emails directed toward organizations in the U.S. 
  • These emails carried the subject "Voicemail February" and were sent from the address info@quarlesaa[.]com. 
  • They contained OneDrive URLs leading to Word files named with variations like "ReleaseEvans#96.docm". 
  • These Word documents impersonated the consumer electronics company Humane and employed macros to execute scripts, ultimately downloading and executing the Bumblebee DLL.

The campaign stands out for its use of VBA macro-enabled documents: most threat actors have largely abandoned them since Microsoft began blocking macros by default, which pushed them toward alternative ways of launching attacks.
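A mail-gateway triage rule built from the campaign details above, as an added example (not Proofpoint's or Cyware's tooling). It assumes hypothetical gateway fields (sender, subject, extracted URLs), treats 1drv.ms and onedrive.live.com as the OneDrive sharing hosts, and runs over constructed sample records rather than captured traffic.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import unquote

# Indicators taken from the report above (the sender is shown defanged on the page).
LURE_SENDER = "info@quarlesaa.com"
VOICEMAIL_SUBJECT = re.compile(r"\bvoicemail\b", re.IGNORECASE)
ONEDRIVE_HOSTS = ("1drv.ms", "onedrive.live.com")  # assumed OneDrive sharing hosts
# Macro-enabled Office extensions, at end of path or before a query/fragment separator.
MACRO_DOC = re.compile(r"\.(docm|dotm|xlsm|xlam|pptm)(?=$|[?&#/])", re.IGNORECASE)
URL = re.compile(r"https?://([^/\s?#]+)(\S*)", re.IGNORECASE)

@dataclass
class MailRecord:  # hypothetical gateway fields, not any product's schema
    sender: str
    subject: str
    urls: list = field(default_factory=list)

def is_onedrive(host: str) -> bool:
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in ONEDRIVE_HOSTS)

def triage(rec: MailRecord) -> tuple:
    """Return (verdict, sorted indicator names). 'block' on an exact IoC or a
    macro-enabled document behind a OneDrive link; 'review' when only the lure
    pattern (voicemail theme + OneDrive link) is present; 'allow' otherwise."""
    hits = set()
    if rec.sender.strip().lower() == LURE_SENDER:
        hits.add("known_sender")
    if VOICEMAIL_SUBJECT.search(rec.subject):
        hits.add("voicemail_subject")
    for url in rec.urls:
        m = URL.match(url)
        if m and is_onedrive(m.group(1)):
            hits.add("onedrive_link")
            if MACRO_DOC.search(unquote(m.group(2))):  # file name may be percent-encoded
                hits.add("onedrive_macro_doc")
    if {"known_sender", "onedrive_macro_doc"} & hits:
        return "block", sorted(hits)
    if {"voicemail_subject", "onedrive_link"} <= hits:
        return "review", sorted(hits)
    return "allow", sorted(hits)

SAMPLE_MAIL = [  # constructed records, not captured traffic
    MailRecord("info@quarlesaa.com", "Voicemail February", ["https://1drv.ms/w/s!ExAmPlE"]),
    MailRecord("alice@example.net", "New Voicemail",
               ["https://onedrive.live.com/download?resid=ABC%21123&file=ReleaseEvans%2396.docm"]),
    MailRecord("it@example.net", "Voicemail notification", ["https://intranet.example.net/vm/42"]),
]
```

The second sample shows why the file name is decoded before matching: the `#` in the lure's file name arrives percent-encoded in a share URL.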

Attribution

Proofpoint has not attributed the activity to a threat actor. However, the use of a voicemail lure theme, OneDrive URLs, and sender address correspond with past activities attributed to TA579.

What else?

  • The return of Bumblebee aligns with the resurgence of cybercriminal threat activity, evidenced by the reappearance of multiple threat actors such as TA576, TA866, TA582, TA2541, TA571, TA577, TA544, and TA558, along with the reappearance of DarkGate malware.
  • These actors and malware entities had been absent for varying durations before resurfacing in late January and February.

Conclusion

The beginning of 2024 has seen a surge in cybercriminal activity after a temporary lull, with threat actors operating at a high tempo. Researchers expect this trend to persist until the usual summer break in threat actor activity, and they continue to monitor and analyze new attack chains and evasion techniques. Meanwhile, organizations should make sure appropriate defensive measures are in place.

Cyware Publisher