Threats Tagged 'bumblebee'
View all threats tagged with 'bumblebee'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'bumblebee'
Click on any threat for detailed analysis and mitigation recommendations
Operation Endgame vs. SocGholish Fake Updates 0 Operation Endgame is a multinational law enforcement effort that disrupted the SocGholish malware framework, which has been active since 2017. SocGholish compromises WordPress websites and uses fake browser update prompts to trick users into downloading malicious JScript payloads. This initial access vector facilitates ransomware deployment and data breaches across multiple industries including government, education, and healthcare. The malware employs domain shadowing and a four-stage attack chain involving traffic acquisition, filtering, fake update lures, and implant execution. The operation took down 106 servers and domains and remediated nearly 15,000 compromised sites. Analysis showed that 55% of Infoblox cloud customers were exposed to SocGholish in 2026, indicating widespread impact. The infrastructure has been used by multiple ransomware families and threat actors. No specific software versions are affected, and no known exploits in the wild are reported. Join the discussion | AlienVault OTX General | 06/18/2026, 14:53:53 UTC Added: 06/18/2026, 20:36:32 UTC |
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira 0 A sophisticated cyber attack campaign leveraged SEO poisoning to compromise organizations through trojanized IT management tool installers. The attack began when users searching for ManageEngine OpManager were directed to a malicious website, downloading a compromised MSI file that installed Bumblebee malware. The threat actors then deployed AdaptixC2 beacons, performed internal reconnaissance, created privileged accounts, and installed RustDesk for persistence. They exfiltrated data via SFTP and ultimately deployed Akira ransomware across the network. The campaign affected multiple organizations, with time to ransomware ranging from 9 to 44 hours after initial access. The attackers used various tools and techniques for lateral movement, credential theft, and defense evasion. Join the discussion | AlienVault OTX General | 08/07/2025, 11:19:24 UTC Added: 08/07/2025, 15:17:45 UTC |
Bumblebee Malware SEO Poisoning Campaign Leads to Akira Ransomware Deployment 0 A coordinated threat campaign has been identified leveraging SEO poisoning to distribute Bumblebee malware via trojanized installers of IT management tools. The campaign targets users searching for legitimate software like ManageEngine OpManager. Upon execution, Bumblebee establishes initial access, enabling lateral movement, credential dumping, deployment of remote access tools, and data exfiltration. The intrusions often end with the deployment of Akira ransomware, resulting in severe operational disruptions. Multiple organizations have been impacted, with various security teams reporting consistent patterns of compromise. Join the discussion | AlienVault OTX General | 08/05/2025, 13:32:51 UTC Added: 08/05/2025, 13:47:43 UTC |
Showing 1 to 3 of 3 results