BumbleBee leverages Zerologon to get Domain Controller Access

Threat Advisories

BumbleBee leverages Zerologon to get Domain Controller Access

Threat Level
Attack Report

For a detailed threat advisory, download the pdf file here

Summary

Since May 2022, threat actors are leveraging BumbleBee as an initial vector from a Contact Forms campaign. The intrusion started with the delivery of an ISO file that contained an LNK and a DLL. Using BumbleBee, the threat actors loaded Meterpreter and Cobalt Strike Beacons.

Sign up to receive our Weekly Threat Digest