minute read
Share this article:
The BumbleBee web shell allows APT attackers to upload and download files, and move laterally by running commands.
A webshell called BumbleBee has taken flight in an ongoing xHunt espionage campaign that has targeted Microsoft Exchange servers at Kuwaiti organizations.
According to researchers at Palo Alto Networks’ Unit 42, BumbleBee (so named because of its color scheme) was observed being used to upload and download files to and from a compromised Exchange server back in September.
“We found BumbleBee hosted on an internal Internet Information Services (IIS) web server on the same network as the compromised Exchange server, as well as on two internal IIS web servers at two other Kuwaiti organizations,” researchers explained in a Monday blog.