This article describes a recent incident involving the BianLian threat group. BianLian compromised a victim’s network by exploiting a vulnerability in a TeamCity server and deployed a PowerShell backdoor. …
Search Results for: bianlian
This post is also available in: 日本語 (Japanese)
Executive SummaryUnit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most …
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These …
Since our initial report on the ransomware group known as BianLian, we have continued to keep an eye on their activities. Unfortunately, and sadly not surprisingly, the group …
The team at Avast has developed a decryptor for the BianLian ransomware and released it for public download. The BianLian ransomware emerged in August 2022, performing targeted attacks in various …
Minutes make the difference to defenders in responding to a ransomware attack on a victim’s network. BianLian ransomware raises the cybercriminal bar by encrypting files with exceptional speed.
Threat actors …
Earlier this year, [redacted] encountered a relatively new ransomware threat actor that called themselves BianLian. We observed the actor deploying custom malware that was written in the Go programming language, …
Cyble Research Labs has observed that malware written in the programming language “Go” has recently been popular among Threat Actors (TAs). This is likely due …
Politically-motivated hacktivist groups are increasingly utilizing ransomware payloads both to disrupt targets and draw attention to their political causes. Notable among these hacktivist groups is Ikaruz Red Team, a threat …
EclecticIQ analysts observed that cybercriminals increased the delivery of the DarkGate loader following the FBI’s takedown of Qakbot infrastructure in August 2023 [1]. EclecticIQ analysts assess with high …
IP address
Location
122.168.199.151
Indore, Madhya Pradesh, IN
115.2.24.182
Seongnam, Gyeonggi-Do, KR
112.5.10.207
Fuzhou, Fujian, CN
171.34.73.139
Nanchang, Jiangxi, CN
191.36.153.200
Sao Gabriel, Rio Grande Do Sul, BR
220.95.14.102
Bundang-Gu …
In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and …