Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks
The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control infrastructure this month, a development that points to an increase in the group's operational tempo.
"BianLian has also targeted SonicWall VPN devices for exploitation, another common target for ransomware groups," [redacted] researchers Ben Armstrong, Lauren Pearce, Brad Pittack, and Danny Quist said.
Unlike another new Golang malware called Agenda, the BianLian actors exhibit dwell times of up to six weeks between the time of initial access and the actual encryption event, a duration that's well above the median intruder dwell time of 15 days reported in 2021.
The earliest known C2 server associated with BianLian is said to have appeared online in December 2021.
BianLian is yet another indication of cybercriminals' dedicated efforts to keep switching tactics so as to avoid detection.
"BianLian have shown themselves to be adept with the Living off the Land methodology to move laterally, adjusting their operations based on the capabilities and defenses they encountered in the network," the researchers said.
News URL
https://thehackernews.com/2022/09/researchers-detail-emerging-cross.html
Related news
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)
- Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption (source)
- Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program (source)
- BianLian ransomware claims attack on Boston Children's Health Physicians (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks (source)