BianLian Cybercrime Group Changes Up Extortion Methods, Warns CISA

Published: 23/11/2024   Category: security


CISA urges small and midsized organizations as well as critical infrastructure to implement mitigations immediately to shield themselves from further data exfiltration attacks.



In an advisory this week, the US Cybersecurity and Infrastructure Security Agency (CISA), alongside the Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC), is warning organizations of attacks by the ransomware developer and data extortion group known as BianLian.
BianLian has been active since 2022. In the past, the ransomware gang has focused on a double-extortion model in which it encrypts victims' systems and steals data, threatening to release the acquired data if payment is not received. In January, though, BianLian shifted its attack methods to focus primarily on exfiltration-based extortion rather than leading with encryption, the alert warned.
The group uses stolen Remote Desktop Protocol (RDP) credentials to access victims' networks, as well as open-source tools and command-line scripting to move around the network. It then exfiltrates data through File Transfer Protocol (FTP), Rclone, or Mega. Once this is complete, the group moves on to extorting its victims.
Cybersecurity service provider [redacted] released research on the group in March detailing its high-level operational security and skilled penetration, and its continued growth while operating as a ransomware organization. It's these tactics, techniques, and procedures (TTPs) that have allowed the gang to target critical infrastructure organizations in the US and Australia as well as professional services and property development organizations.
"More often than not, extortion via data leak is the modus operandi of choice," says Tom Kellerman, senior vice president of cyberstrategy at Contrast Security, in response to the advisory. "The shift is due to the successful collaboration between law enforcement and the cyber community to not only decrypt the ransomware but to disrupt the infrastructure that sustains it."
In light of these attacks, CISA urges organizations to implement the mitigations it has provided in the advisory, such as auditing remote access tools, reviewing logs for execution of remote access software, and enabling enhanced PowerShell logging.
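One way to act on the last two of those mitigations, as an added example that is not from the advisory or the article: a PowerShell script that turns on script block logging, module logging and command-line capture in process-creation auditing through the standard policy registry values, then pulls Security event 4688 for a placeholder list of remote access executables. The tool names in the list are assumptions to be replaced with whatever your own inventory does not sanction.

```powershell
# Added example (not from the CISA advisory): enable enhanced PowerShell logging
# via the registry values Group Policy sets, then review process-creation events
# for remote access software. Run from an elevated PowerShell session.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Enable-EnhancedPowerShellLogging {
    # Script block logging: de-obfuscated code lands in
    # Microsoft-Windows-PowerShell/Operational as event 4104.
    $sbl = Join-Path $PolicyRoot 'ScriptBlockLogging'
    New-Item -Path $sbl -Force | Out-Null
    Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord

    # Module logging for all modules: pipeline execution details as event 4103.
    $names = Join-Path $PolicyRoot 'ModuleLogging\ModuleNames'
    New-Item -Path $names -Force | Out-Null
    Set-ItemProperty -Path (Split-Path $names) -Name EnableModuleLogging -Value 1 -Type DWord
    New-ItemProperty -Path $names -Name '*' -Value '*' -PropertyType String -Force | Out-Null

    # Record the command line in Security event 4688 (process creation), so tools
    # launched by scripts are visible together with their arguments.
    $audit = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
    New-Item -Path $audit -Force | Out-Null
    Set-ItemProperty -Path $audit -Name ProcessCreationIncludeCmdLine_Enabled -Value 1 -Type DWord
}

function Find-RemoteAccessExecution {
    param(
        # Placeholder list (assumption, the article names no tools): replace with
        # the remote access executables your inventory does not sanction.
        [string[]]$ToolNames = @('anydesk.exe', 'TeamViewer.exe', 'ScreenConnect.ClientService.exe'),
        [int]$Days = 30
    )
    # 4688 requires 'Audit Process Creation' (success) to be enabled.
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            User        = $data['SubjectUserName']
            Process     = $data['NewProcessName']
            CommandLine = $data['CommandLine']
        }
    } | Where-Object { $_.Process -and ($ToolNames -contains (Split-Path $_.Process -Leaf)) }
}

Enable-EnhancedPowerShellLogging
Find-RemoteAccessExecution | Format-Table -AutoSize
```

Enabling the policy values only records future activity, so the 4688 review is most useful once process-creation auditing has been on for a while and the events are being forwarded off the host.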





