Bumblebee malware wakes from hibernation, forgets what year it is, attacks with macros
ID: 36251a19-d5ca-57d1-bfb3-316c5f0cb719
STIX ID: report--36251a19-d5ca-57d1-bfb3-316c5f0cb719
Feed Name: Proofpoint Blog
Proofpoint researchers observed a renewed Bumblebee loader campaign targeting US organizations. The emails, sent with the subject "Voicemail February", link to OneDrive-hosted Word documents that embed malicious VBA macros. The macro writes a script to the Windows temp directory, and that script runs PowerShell to download and execute the Bumblebee DLL. While Bumblebee historically delivered post-exploitation tools such as Cobalt Strike and Sliver, this campaign uses an outdated macro vector, shows limited use compared to other Bumblebee tactics, and has not been attributed to a tracked threat actor.
