BianLian ransomware infrastructure beefed up as activity ramps up
Newly identified ransomware group BianLian has bolstered its command-and-control infrastructure, indicating increasing activity, The Hacker News reports.
Fifteen organizations have already been impacted by BianLian ransomware since its emergence in mid-July, according to a report from cybersecurity firm [redacted].
BianLian has exploited Microsoft Exchange Server ProxyShell vulnerabilities to obtain initial network access, which is then used to deploy a web shell or an ngrok payload. The report also noted that SonicWall VPN devices have been targeted by the ransomware, which has significantly longer dwell times than other strains.
BianLian not only performs network profiling and lateral movement through living-off-the-land methods but also deploys a custom implant for persistence and for retrieving arbitrary payloads from a remote server, the report said.
"BianLian have shown themselves to be adept with the Living off the Land (LOL) methodology to move laterally, adjusting their operations based on the capabilities and defenses they encountered in the network," researchers added.