InfoSec Handlers Diary Blog - SANS Internet Storm Center
released on 2022-05-11 @ 02:44:03 PM
TA578 appears to be pushing ISO files for Bumblebee malware through thread-hijacked emails. These thread-hijacked emails either have links to storage.googleapis.com URLs similar to those used in the Contact Forms campaign, or they have password-protected zip attachments. Either method delivers an ISO file containing files to install Bumblebee malware.
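A mail-triage check for the two delivery paths described above, as an added example that is not code from the diary. The function names, finding labels, and the sample email (subject, bucket name, file names) are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

GCS_LINK = re.compile(r"https?://storage\.googleapis\.com/\S+", re.I)

def triage(raw: bytes) -> list[str]:
    """Flag a storage.googleapis.com link, or a zip attachment holding an ISO."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "text":
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
            if GCS_LINK.search(text):
                findings.append("link:storage.googleapis.com")
        elif zipfile.is_zipfile(io.BytesIO(payload)):
            # With common zip encryption, entry names and flags stay readable in
            # the central directory, so no password is needed to spot an .iso.
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():
                    if info.filename.lower().endswith(".iso"):
                        locked = info.flag_bits & 0x1  # bit 0 = entry is encrypted
                        findings.append("zip:encrypted-iso" if locked else "zip:iso")
    return findings

def constructed_sample() -> bytes:
    """Constructed test email: a fake thread reply with a link and a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.iso", b"constructed placeholder, not a disk image")
    data = bytearray(buf.getvalue())
    # Python's zipfile cannot write encrypted archives, so set the
    # central-directory "encrypted" flag bit by hand for this demo.
    data[data.rfind(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Re: constructed thread"
    msg.set_content("See https://storage.googleapis.com/example-bucket/file.html")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="request.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

storage.googleapis.com hosts a large amount of legitimate content, so a link hit is a signal to correlate with the thread-reply context rather than a verdict on its own.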