US orgs subjected to reemerging Bumblebee malware attacks

Thousands of organizations across the U.S. have been targeted by a new phishing campaign deploying the Bumblebee malware, which was last observed in the wild in September, according to BleepingComputer. Threat actors leveraged the "info@quarlessa[.]com" address to send phony voicemail notification emails with a OneDrive URL to commence the campaign, a report from Proofpoint showed. Clicking the URL would prompt the downloading of a malicious Word document using VBA macros to facilitate the eventual Bumblebee malware distribution. No specific threat operation has been noted to be behind the phishing campaign but similar tactics have been utilized by the TA579 hacking group, according to researchers, who have also noted increased threat activity from TA2541, TA582, TA576, and TA866. The findings come after the reported reemergence of the Pikabot following a brief hiatus. Such a new Pikabot variant was noted by Zscaler to have been using a less sophisticated configuration system, suggesting an early release.