The Bumblebee malware loader seemingly vanished from the internet last October, but it’s back and – oddly – relying on a vintage vector to try and gain access.
First spotted in 2022 by researchers at Proofpoint – who identified it as an apparent replacement for BazarLoader – Bumblebee was originally used by high-profile ransomware groups including Russia-linked Conti.
Now it has been spotted buzzing back to life. But it’s using a “significantly different” attack chain this time – relying on malicious VBA macros, of all things, which suggests it might not be in the hands of the same skilled operators who created it.
