BianLian ransomware infrastructure beefed up as activity ramps up

Newly identified ransomware group BianLian has bolstered its command-and-control infrastructure, indicating increasing activity, The Hacker News reports.
Fifteen organizations have already been impacted by BianLian ransomware since its emergence in mid-July, according to a report from cybersecurity firm [redacted].
BianLian has exploited the Microsoft Exchange Server ProxyShell vulnerabilities to obtain initial network access, which it then used to deploy web shells or an ngrok payload. The report also noted that the group has targeted SonicWall VPN devices, and that its dwell times are significantly longer than those of other strains.
BianLian not only performs network profiling and lateral movement through living-off-the-land methods but also launches a custom implant for persistence and for retrieving arbitrary payloads from a remote server, the report said.
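Because the article names ProxyShell exploitation of Exchange as the initial-access step, the most useful thing a defender can do with it is look back through Exchange IIS logs for the request shape that abuse leaves behind: a request to the Autodiscover endpoint whose query starts with "@host/" and names a backend path (such as /mapi/nspi/ or /powershell/), which is how the path-confusion step reaches internal endpoints. The script below is an added example written for this page, not code from the article, The Hacker News, or the cited vendor report. The W3C log lines, the field order, and the IP addresses are constructed for the demonstration; a real deployment would read the files under the IIS logs directory and adapt the field list to the site's logging configuration.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log excerpt (not from the article). The #Fields header
# drives column parsing, so a different field order still works as long as
# the header is present.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-08-20 10:01:02 10.0.0.5 GET /owa/auth/logon.aspx url=%2fowa%2f 443 - 192.0.2.10 Mozilla/5.0 200
2022-08-20 10:01:09 10.0.0.5 GET /autodiscover/autodiscover.json @example.test/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@example.test 443 - 198.51.100.7 python-requests/2.25 200
2022-08-20 10:01:10 10.0.0.5 POST /autodiscover/autodiscover.json @example.test/powershell/?&Email=autodiscover/autodiscover.json%3F@example.test 443 - 198.51.100.7 python-requests/2.25 200
2022-08-20 10:02:30 10.0.0.5 GET /ecp/default.aspx - 443 CORP\\alice 192.0.2.11 Mozilla/5.0 200
"""

AUTODISCOVER_STEM = "/autodiscover/autodiscover.json"

# Backend paths that deserve the highest triage priority when they appear
# behind the path-confusion pattern: the remote PowerShell backend is the
# one that enables follow-on actions (mailbox export, web shell drop).
HIGH_RISK_BACKENDS = ("/powershell",)


def parse_w3c(text):
    """Yield one dict per W3C log record, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any header
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed record: skip instead of misaligning columns
        yield dict(zip(fields, parts))


def classify_autodiscover(stem, query):
    """Return (backend_path, severity) when the request shows the
    Autodiscover path-confusion shape, otherwise None."""
    if not stem.lower().endswith(AUTODISCOVER_STEM):
        return None
    q = unquote(query)
    if "@" not in q:
        return None  # ordinary Autodiscover traffic has no "@host/" prefix
    # Abuse shape: "@<host>/<backend path>?&Email=..."; capture the backend path.
    m = re.match(r"^@[^/]+(/[^?]*)", q)
    backend = m.group(1) if m else "(unparsed)"
    severity = "high" if any(backend.lower().startswith(b) for b in HIGH_RISK_BACKENDS) else "medium"
    return backend, severity


def find_proxyshell_indicators(text):
    """Scan a W3C log text and return a list of flagged requests for triage."""
    hits = []
    for rec in parse_w3c(text):
        result = classify_autodiscover(rec["cs-uri-stem"], rec["cs-uri-query"])
        if result is None:
            continue
        backend, severity = result
        hits.append({
            "time": f'{rec["date"]} {rec["time"]}',
            "client": rec["c-ip"],
            "method": rec["cs-method"],
            "backend": backend,
            "severity": severity,
            "user_agent": rec["cs(User-Agent)"],
        })
    return hits


if __name__ == "__main__":
    for hit in find_proxyshell_indicators(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["severity"]:6} {hit["client"]} {hit["method"]} -> {hit["backend"]} ({hit["user_agent"]})')
```

The severity split is the point of the example: a single Autodiscover request reaching /mapi/nspi/ is worth a look, but the same source reaching /powershell/ seconds later is the sequence to escalate on, and both should be correlated with any new .aspx files under the Exchange web directories and with outbound connections from the server to tunnelling services such as ngrok.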
"BianLian have shown themselves to be adept with the Living off the Land (LOL) methodology to move laterally, adjusting their operations based on the capabilities and defenses they encountered in the network," researchers added.