Bumblebee Malware SEO Poisoning Campaign Leads to Akira Ransomware Deployment
Essential information
- Published: 05/08/2025 13:32
- Modified: 05/08/2025 14:05
- Tags: 2025-08-05, akira, akira ransomware, bumblebee, credential dumping, data exfiltration, initial access, lateral movement, seo poisoning, trojanized installers
- Related entities: 19 observables, 8 techniques (MITRE), 2 malware
Description
A coordinated threat campaign has been identified leveraging SEO poisoning to distribute Bumblebee malware via trojanized installers of IT management tools. The campaign targets users searching for legitimate software like ManageEngine OpManager. Upon execution, Bumblebee establishes initial access, enabling lateral movement, credential dumping, deployment of remote access tools, and data exfiltration. The intrusions often end with the deployment of Akira ransomware, resulting in severe operational disruptions. Multiple organizations have been impacted, with various security teams reporting consistent patterns of compromise.