BianLian

BianLian is a cybercriminal ransomware group, presumably based in Russia, which has targeted Critical National Infrastructure (CNI) in the US and private enterprises in Australia and the UK since June 2022, [1] [2] [3] [4] specializing since 2023 in encryption-based extortion. [5] [3] (It had previously used the more labor-intensive double-extortion model.) The group uses valid Remote Desktop Protocol credentials to gain access to systems. [6] [3] On 20 November 2024, the FBI, the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint security advisory concerning the BianLian group. [6] [3] Such has been its notoriety that on 6 March 2025 the FBI and its Internet Crime Complaint Center (IC3) issued an advisory bulletin about unknown actors claiming to be BianLian. [7]

References

  1. Coker, James (November 21, 2024). "BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk". Infosecurity Magazine.
  2. "BianLian cyber gang drops encryption-based ransomware | Computer Weekly". ComputerWeekly.com.
  3. "#StopRansomware: BianLian Data Extortion Group" (PDF). Cybersecurity and Infrastructure Security Agency. 2024-11-20 [2023-05-16]. Product ID: AA23-136A. Archived (PDF) from the original on 2024-11-21. Retrieved 2024-11-25.
  4. "BianLian ransomware claims attack on Boston Children's Health Physicians". BleepingComputer.
  5. "CISA says BianLian ransomware now focuses only on data theft". BleepingComputer.
  6. "Advisory warns of activity by BianLian ransomware group | AHA News". www.aha.org.
  7. "Internet Crime Complaint Center (IC3) | Mail Scam Targeting Corporate Executives Claims Ties to Ransomware". www.ic3.gov.