Cybereason issued a global threat report warning global organizations about an increase in Bumblebee loader-based ransomware attacks. The new study focuses on post-exploitation tactics, techniques, and procedures used in attacks.

The TriFive and Snugy backdoors are PowerShell scripts that provide backdoor access to the compromised Exchange server, using different command and control (C2) channels to communicate with the actors.