Bumblebee malware reemerges in a new threat campaign

February 22, 2024

After four months of inactivity, the notorious Bumblebee malware has reappeared in the cybercriminal landscape. Based on reports, the latest campaign leverages thousands of emails targeting United States-based organisations.

The researcher revealed that these emails carried the innocuous subject line “Voicemail February” and masqueraded as legitimate messages coming from the address info@quarlesaa[.]com.

Moreover, the attackers hide the malicious content behind seemingly harmless OneDrive URLs in the emails, which lead unsuspecting recipients to Word documents with titles like “ReleaseEvans#96.docm.” The malware operators designed this tactic to bypass detection.

Bumblebee malware uses emails that pose as a well-known electronics firm.

The Bumblebee malware operators use malicious documents to pose as the esteemed consumer electronics company Humane. However, the ruse of this campaign is that the attackers engineered the malicious emails to execute scripts that covertly facilitate the download and execution of the dreaded Bumblebee DLL.

This campaign distinguishes itself from other attacks because it uses VBA macro-enabled documents, a tactic largely abandoned by threat actors after Microsoft’s proactive measures to block macros by default.
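The delivery pattern described above (lure subject and sender, OneDrive link, macro-enabled Word document) can be checked at a mail gateway; the following Python example is added here and is not taken from the researchers' report. The OneDrive host list, the extra macro extensions, the `triage` and `refang` helpers and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import unquote, urlparse

def refang(text):
    """Undo common defanging so indicators compare cleanly."""
    return text.replace("[.]", ".").replace("hxxp", "http")

# Indicators reported in the article (kept defanged in source).
LURE_SENDER = refang("info@quarlesaa[.]com")
LURE_SUBJECT = "voicemail february"
# Assumption: hosts commonly seen in OneDrive share links; extend as needed.
ONEDRIVE_HOSTS = ("1drv.ms", "onedrive.live.com")
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".pptm")  # generalises beyond .docm
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw_message):
    """Return the sorted reasons a message matches the reported pattern."""
    msg = message_from_string(raw_message)
    reasons = set()
    if parseaddr(msg.get("From", ""))[1].lower() == LURE_SENDER:
        reasons.add("sender")
    if LURE_SUBJECT in msg.get("Subject", "").lower():
        reasons.add("subject")
    body = "".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    for url in URL_RE.findall(refang(body)):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in ONEDRIVE_HOSTS or host.endswith("-my.sharepoint.com"):
            reasons.add("onedrive-link")
            # Heuristic: the shared file name is sometimes visible in the path.
            if unquote(parsed.path).lower().endswith(MACRO_EXTS):
                reasons.add("macro-doc-link")
    return sorted(reasons)

# Constructed sample messages (not real captures).
LURE = (f"From: Voicemail <{LURE_SENDER}>\nSubject: Voicemail February\n"
        "Content-Type: text/plain\n\n"
        "Listen: https://1drv.ms/w/CONSTRUCTED/ReleaseEvans%2396.docm\n")
BENIGN = ("From: Colleague <colleague@example.com>\nSubject: Q1 report\n"
          "Content-Type: text/plain\n\n"
          "Draft: https://onedrive.live.com/view?id=CONSTRUCTED\n")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage(raw))
```

A OneDrive link on its own is common in legitimate mail, so the useful signal is the combination of reasons rather than any single one.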

Unfortunately, the researchers have not attributed this Bumblebee resurgence to a specific threat group. Still, familiar signs resembling past activity suggest that TA579 may have caused this reemerging threat.

On the other hand, Bumblebee’s return is not an isolated incident since it mirrors a broader trend of resurgent cybercriminal activity, with numerous threat actors, including TA576, TA866, TA582, TA2541, TA571, TA577, TA544, and TA558, emerging from the cybercriminal community alongside the re-emergence of the infamous DarkGate malware.

These entities, dormant for varying durations, made a comeback in late January and February, signalling a troubling rise in cyber warfare.

Security researchers now anticipate that this surge in malicious activity will persist until the proverbial “summer threat actor breaks,” and are preparing for it by diligently monitoring and analysing new attack vectors and evasion techniques as they appear.

Safeguarding systems is paramount in these times. Organisations should remain vigilant, stay informed, and implement robust security measures to strengthen digital defences against relentless cyber threats and prevent or mitigate their impact.
