Earlier this year, we encountered a relatively new ransomware threat actor that called themselves BianLian. BianLian used subtle techniques to exploit, enumerate, and move laterally in victim networks to remain undetected, and aggressively worked to counter Endpoint Detection & Response (EDR) protections during the encryption phase of their operations. We observed the actor deploying custom malware written in the Go programming language, which posed some initial, but not insurmountable, reverse-engineering challenges. The group has displayed signs of being new to the practical business aspects of ransomware and the associated logistics; generally they seemed to be experiencing the growing pains of a group of talented hackers new to this aspect of criminal extortion. Infrastructure associated with the BianLian group first appeared online in December 2021, and their toolset appears to have been under active development since then. Finally, we have observed the BianLian threat actor tripling their known command and control (C2) infrastructure in the month of August, suggesting a possible increase in the actor's operational tempo. The BianLian group has successfully targeted the ProxyShell vulnerability chain (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) to gain initial access into victim networks. After exploitation, they deployed either a webshell or a lightweight remote access solution such as ngrok as the follow-on payload.
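A defensive check for the ProxyShell access vector described above, written as an added example rather than code from the original post: it parses constructed IIS W3C log lines and flags requests carrying the well-known `autodiscover.json?@` path-confusion marker associated with CVE-2021-34473, then counts them per source IP for triage.

```python
import re
from collections import Counter

# Constructed sample IIS W3C log excerpt (not from the original post). The
# "autodiscover.json?@" path-confusion marker is the well-known ProxyShell
# (CVE-2021-34473) request shape; the field layout is the IIS W3C default.
SAMPLE_IIS_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2022-08-10 02:14:03 10.0.0.5 GET /owa/ - 203.0.113.7 Mozilla/5.0 200
2022-08-10 02:15:11 10.0.0.5 POST /autodiscover/autodiscover.json @example.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@example.com 198.51.100.23 python-requests/2.25 200
2022-08-10 02:15:12 10.0.0.5 POST /autodiscover/autodiscover.json @example.com/powershell/?&Email=autodiscover/autodiscover.json%3F@example.com 198.51.100.23 python-requests/2.25 200
2022-08-10 02:20:40 10.0.0.5 GET /ecp/default.aspx - 10.0.0.12 Mozilla/5.0 200
"""

# Matches the "autodiscover.json?@" shape, with the "?" raw or URL-encoded.
PROXYSHELL_MARKER = re.compile(r"autodiscover\.json(?:\?|%3f)@", re.IGNORECASE)


def parse_w3c(log_text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        values = line.split()
        if fields and len(values) == len(fields):
            yield dict(zip(fields, values))


def find_proxyshell_requests(log_text):
    """Return the log entries whose full URI carries the path-confusion marker."""
    hits = []
    for entry in parse_w3c(log_text):
        query = entry["cs-uri-query"]
        full_uri = entry["cs-uri-stem"] + ("" if query == "-" else "?" + query)
        if PROXYSHELL_MARKER.search(full_uri):
            hits.append(entry)
    return hits


def suspect_sources(log_text):
    """Count flagged requests per client IP, the first pivot for triage."""
    return dict(Counter(h["c-ip"] for h in find_proxyshell_requests(log_text)))


if __name__ == "__main__":
    for hit in find_proxyshell_requests(SAMPLE_IIS_LOG):
        print(hit["time"], hit["c-ip"], hit["cs-method"], hit["cs-uri-stem"])
    print(suspect_sources(SAMPLE_IIS_LOG))
```

A hit is a lead for checking what was written to the Exchange web directories afterwards (the webshell or ngrok follow-on the post describes), not proof of compromise on its own.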