“The list of threat actors utilizing the ScreenConnect vulnerability CVE-2024-1709 for initial access is growing,” researchers say.
The campaign uses a slightly modified attack chain for Bumblebee and marks the return of the malware after a four-month absence from the threat landscape.
The campaign indicates a “definitive shift” in the threat group’s tactics as it continues to rely on non-traditional technologies and frameworks for developing its malware.
Researchers observed thousands of spam emails delivering the WailingCrab malware that were sent to targets in North and South America, Europe and Asia.
Researchers with IBM X-Force recently observed the new Gootloader variant being used for lateral movement, marking a significant change in the malware’s post-infection tactics.