Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Gartner® Report: Strategic Roadmap for CTEM
Learn More
New Integration Partnership with WIZ!
Learn More
Threat Exposure Validation Impact Report 2025
Learn More
Book a Demo
Book a Demo

BumbleBee Used To Drop A Meterpreter Agent

November 15, 2022

The intrusion began with the delivery of an ISO file that contained an LNK and a DLL. The threat actors leveraged BumbleBee to load a Meterpreter agent and Cobalt Strike Beacons. They then performed reconnaissance, used two different UAC bypass techniques, dumped credentials, escalated privileges using a ZeroLogon exploit, and moved laterally through the environment.

Featured Resources

View More Resources
image
blog

CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center 

Ilan Kalendarov, Security Research Team LeadBen Zamir, Security ResearcherElad Beber, Security Researcher Executive Summary  Cymulate Research Labs has uncovered a local privilege

Read More
image
blog

Shai-Hulud 2.0: NPM Supply Chain Attack Exposes the SDLC's Weakest Link 

Idan Sherman, Security Researcher  Executive summary  The "Shai-Hulud" supply chain campaign has returned, striking harder and smarter than before. This

Read More
image
blog

Top 5 Must-Have Features in an Exposure Management Platform 

Security teams are under growing pressure to reduce risk faster and prove resilience continuously. Attack surfaces expand with every new

Read More