Hackers Using Bumblebee Loader to Compromise Active Directory Services
Distribution of the Bumblebee is done by phishing emails with an attachment or a link to a malicious archive. The initial execution relies on the end-user execution which has to extract the archive, mount an ISO image file, and click an LNK file.