BumbleBee leverages Zerologon to get Domain Controller Access

Threat Level – Amber | Vulnerability Report

Since May 2022, threat actors have been leveraging BumbleBee as an initial vector from a Contact Forms campaign. The intrusion started with the delivery of an ISO file that contained an LNK and a DLL. Using BumbleBee, the threat actors loaded Meterpreter and Cobalt Strike Beacons.
