Bumblebee is the new malware used for attacks with Conti

The Conti criminal group is known for ransomware attacks against companies in many sectors, and Google's Threat Analysis Group (TAG) has now found that the group's criminal operations are in full swing. Conti appears to have started deploying the malware known as Bumblebee, which replaces the earlier and infamous BazarLoader as its means of distributing Cobalt Strike. Other researchers, from Cybereason and Proofpoint respectively, confirm the use of Bumblebee.

In essence, Bumblebee works very similarly to BazarLoader and IcedID, both of which have been found in previous Conti ransomware attacks. Several operators who used BazarLoader in the past appear to have moved to Bumblebee to deliver shellcode and to deploy the Cobalt Strike, Sliver, and Meterpreter frameworks, tools built for security assessments of target systems.


Conti is always a much-feared name in cybersecurity

Both Proofpoint and Cybereason have analyzed the Bumblebee code and noticed several similarities with TrickBot, so much so that one can assume either that it is the work of the same developer or, at least, that whoever is responsible for Bumblebee has access to the TrickBot source code. In any case, the disconcerting aspect is the speed with which the malware spreads and the fact that Bumblebee also acts as a multipurpose tool for delivering payloads of various kinds, including ransomware. The code itself points to a very sophisticated tool, still under active development, that is capable of evading even the most advanced antivirus products.