The campaign uses a slightly modified attack chain for Bumblebee and marks the return of the malware after a four-month absence from the threat landscape.
The campaign indicates a “definitive shift” in the threat group’s tactics as it continues to rely on non-traditional technologies and frameworks for developing its malware.
Researchers observed thousands of spam emails delivering the WailingCrab malware that were sent to targets in North and South America, Europe and Asia.
Researchers with IBM X-Force recently observed the new Gootloader variant being used for lateral movement, marking a significant change in the malware’s post-infection tactics.
A new attack group named ShroudedSnooper is targeting telecom providers in Middle Eastern countries with custom tools called HTTPSnoop and PipeSnoop.