Nearly four months after Operation Endgame, an international law enforcement takedown of multiple malware droppers, the notorious Bumblebee loader malware has made a startling return. Bumblebee loader begins its attack chain with a malicious zip file email attachment that uses a .LNK file to launch PowerShell and download a malicious MSI payload directly into memory. This tactic allows Bumblebee to avoid executing additional processes, and thus to avoid triggering unwanted alerts for the victim.
Globe Life insurance confirms data breach
Following the investigation into a June data breach at Globe Life insurance, officials have confirmed that the threat actors behind the attack did not encrypt any of the affected files, though they have engaged in an extortion attempt with the threat of leaking the stolen data. The data breach itself compromised sensitive information for upwards of 5,000 individuals, though that number was an initial estimate and may have expanded to a much larger set of customers, alongside affected customers of Globe Life’s subsidiaries.
Transak breached with major phishing attack
Over the weekend, officials for the crypto payment provider Transak revealed that one of their employees' laptops had been compromised due to a phishing attack on a third-party vendor, which leaked legitimate login credentials. This breach at Transak has exposed personally identifiable information (PII) for more than 92,000 users, including passport data and other forms of ID.
Boston Children's Health Physicians suffers BianLian ransomware attack
Early in September, officials for Boston Children's Health Physicians (BCHP) identified some unauthorized activity on their network, which resulted in the exfiltration of a significant amount of patient information. More recently, the threat actors behind the BianLian ransomware group added BCHP to their leak site and claimed responsibility for the attack, giving BCHP the opportunity to negotiate to avoid the data being released.
Data breach exposes 50,000 Nidec documents
As the investigation concludes for the August data breach of the Japanese electric motor manufacturer, Nidec, it has been revealed that over 50,000 internal documents were compromised. Shortly after the incident, threat actors from the Everest ransomware group reached out to Nidec to negotiate a ransom for not leaking the stolen data, though the data was later published as negotiations failed.