Now, though, the Conti Syndicate has a new tool at its disposal: a newly developed malware loader dubbed Bumblebee. Eli Salem, a seasoned malware reverse engineer at Cybereason, says that the techniques used by Bumblebee are similar to those used by BazarLoader. This suggests that the two were developed by the same team, which points the way back to TrickBot.
So TrickBot's developers have made a new toy for the Conti Syndicate. Since Bumblebee became available, security researchers at Proofpoint and other organizations have seen evidence that other groups are switching away from BazarLoader and IcedID (which fills a similar loader role) in favor of Bumblebee.
Although similar in overall structure to BazarLoader, Bumblebee appears to be a more advanced loader.
It can support a wide range of commands, including but not limited to:
Worse, there is clear evidence that Bumblebee is under active development and gains new features and capabilities with every update.
As of the update observed on April 19th, for example, the malicious code supports multiple command-and-control servers, and the development team has added an encryption layer that makes it more difficult to inspect and track communications to and from the command-and-control infrastructure.
What this means for the bigger picture is anyone's guess. What seems clear is that the level of cooperation and coordination among criminal groups has been growing, and that should worry just about everyone.