Newly identified ransomware group BianLian has bolstered its command-and-control infrastructure, indicating increasing activity, The Hacker News reports.
Fifteen organizations have already been impacted by BianLian ransomware since its emergence in mid-July, according to a report from cybersecurity firm [redacted].
BianLian obtained initial network access by exploiting the Microsoft Exchange Server ProxyShell vulnerabilities, then used that foothold to deploy web shells or ngrok payloads. The report also noted that the group has targeted SonicWall VPN devices, and that its dwell times are significantly longer than those of other ransomware strains.
Beyond network profiling and lateral movement through living-off-the-land methods, BianLian deploys a custom implant for persistence and for retrieving arbitrary payloads from a remote server, the report said.
"BianLian have shown themselves to be adept with the Living off the Land (LOL) methodology to move laterally, adjusting their operations based on the capabilities and defenses they encountered in the network," researchers added.
BianLian ransomware infrastructure beefed up as activity ramps up
The U.S. Department of Justice announced that Ukrainian national Mark Sokolovsky, also known as raccoon-stealer, black21jack77777, and Photix, has pleaded guilty to operating the Raccoon Infostealer malware-as-a-service operation.
Attacks in the scheme, which Swiss authorities said numbered more than 260 between August 2023 and April 2024, involved the suspects using QR codes that redirected victims to websites spoofing payment platforms.
Information purportedly stolen by Meow ransomware included client and employee data, scanned payment files, personal details, addresses, banking details, certificates, and criminal records.