
Medium
Campaign, LOLBin
Privilege Escalation
EDR, Sysmon, Windows
Wbadmin Weaponized: The Silent Credential Dumping Behind Bumblebee’s Enterprise Attacks
A recent intrusion campaign used the Bumblebee malware as its initial infection vector and showed growing sophistication in how it targeted enterprise networks. After gaining a foothold, the attackers abused wbadmin, the Windows built-in backup utility, to back up the Active Directory database (NTDS.dit) so its credential material could be extracted offline, without dropping the credential-dumping tools that EDR products typically flag. Because wbadmin is a signed system component intended for legitimate backups, the activity blends in with routine administration; the harvested credentials then let the adversaries move laterally with elevated privileges and stage ransomware before the intrusion is noticed.
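The paragraph above describes the technique but not how a defender would spot it in telemetry. The following is an added detection example, written for this edit rather than taken from the lab or from any tool the campaign used. It runs three heuristic rules over a handful of constructed Sysmon Event ID 1 (process creation) records: wbadmin command lines that name ntds.dit, a System State backup launched from an interactive shell (legitimate scheduled backups are assumed to run under svchost.exe or a backup agent, which is a tuning assumption, not a fact from the page), and a reg.exe export of the SYSTEM hive, which an attacker needs alongside NTDS.dit to decrypt the stored hashes. The sample events, record IDs and paths are invented for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    record_id: int
    rule: str
    command_line: str


# Constructed Sysmon Event ID 1 records, reduced to the fields the rules consume.
# Sample data for the example only; not telemetry from the Bumblebee campaign.
SAMPLE_EVENTS = [
    {"RecordId": 101, "Image": r"C:\Windows\System32\wbadmin.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"wbadmin start backup -backuptarget:\\10.0.0.5\share -include:C:\Windows\NTDS\ntds.dit -quiet"},
    {"RecordId": 102, "Image": r"C:\Windows\System32\wbadmin.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"wbadmin start recovery -version:04/18/2024-14:02 -itemtype:file -items:C:\Windows\NTDS\ntds.dit -recoverytarget:C:\temp -quiet"},
    {"RecordId": 103, "Image": r"C:\Windows\System32\wbadmin.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"wbadmin start systemstatebackup -backuptarget:D: -quiet"},
    {"RecordId": 104, "Image": r"C:\Windows\System32\wbadmin.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"wbadmin get versions"},
    {"RecordId": 105, "Image": r"C:\Windows\System32\wbadmin.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"wbadmin start backup -backuptarget:E: -include:C:\Users -quiet"},
    {"RecordId": 106, "Image": r"C:\Windows\System32\reg.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"reg save HKLM\SYSTEM C:\temp\sys.hiv"},
]

# Rule patterns. NTDS.dit named anywhere on a wbadmin command line is the strongest signal,
# whether it appears in a backup -include: list or a recovery -items: list.
NTDS_RE = re.compile(r"ntds\.dit", re.IGNORECASE)
SYSTEMSTATE_RE = re.compile(r"\bstart\s+systemstatebackup\b", re.IGNORECASE)
# The SYSTEM hive holds the boot key needed to decrypt hashes pulled from NTDS.dit.
SYSTEM_HIVE_RE = re.compile(r"\breg(\.exe)?\s+save\s+HKLM\\SYSTEM\b", re.IGNORECASE)
# Assumption for tuning: sanctioned System State backups are not launched from a shell.
INTERACTIVE_PARENTS = ("cmd.exe", "powershell.exe", "pwsh.exe")


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> list:
    """Return the names of every rule the event trips (empty list if none)."""
    rules = []
    image = _basename(event["Image"])
    parent = _basename(event["ParentImage"])
    cmd = event["CommandLine"]
    if image == "wbadmin.exe":
        if NTDS_RE.search(cmd):
            rules.append("wbadmin_targets_ntds_dit")
        if SYSTEMSTATE_RE.search(cmd) and parent in INTERACTIVE_PARENTS:
            rules.append("wbadmin_systemstate_from_shell")
    if image == "reg.exe" and SYSTEM_HIVE_RE.search(cmd):
        rules.append("system_hive_export")
    return rules


def detect(events: list) -> list:
    """Run every rule over every event and collect one Finding per hit."""
    return [Finding(e["RecordId"], rule, e["CommandLine"])
            for e in events for rule in evaluate(e)]


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"record {f.record_id} [{f.rule}]: {f.command_line}")
```

On the sample set the rules flag the two ntds.dit invocations, the shell-launched System State backup and the SYSTEM hive export, while the read-only `wbadmin get versions` and the svchost-parented file backup pass. In production the same logic maps onto a SIEM query over Sysmon Event ID 1 (or Windows Security Event 4688 with command-line auditing enabled); correlating a wbadmin hit with a SYSTEM hive export from the same host within a short window is the higher-confidence pairing.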



