BumbleBee leverages Zerologon to get Domain Controller Access

Threat Level
Attack Report

Summary

Since May 2022, threat actors have been leveraging BumbleBee as an initial vector from a Contact Forms campaign. The intrusion started with the delivery of an ISO file that contained an LNK file and a DLL. Using BumbleBee, the threat actors loaded Meterpreter and Cobalt Strike Beacons.