Bianlian

Threat Actor updated 25 days ago (2024-08-13T20:17:58.731Z)
BianLian is a significant threat actor within the cybersecurity landscape, known for its cyber-attacks. The group has been particularly active in exploiting bugs in JetBrains TeamCity, a popular continuous integration and deployment system used by software development teams. This exploitation has led to a series of successful ransomware attacks, in which the group encrypts victims' data and demands payment for its release. In 2024, BianLian notably targeted Australian mining companies Evolution Mining and Northern Minerals. The attacks on these organizations followed a similar modus operandi, underscoring the group's focus on this particular sector. Additionally, BianLian was reported to have joined forces with two other ransomware gangs, White Rabbit and Mario, in a joint campaign, further expanding its impact and reach. According to Cisco Talos' 2023 Year in Review report, BianLian, BlackCat, LockBit, and Clop were together responsible for nearly 50% of posts made to ransomware data leak sites during that year. This statistic emphasizes the prominence of BianLian within the ransomware ecosystem and its substantial contribution to the overall threat landscape. The group's activities underline the need for robust cybersecurity measures, especially for organizations within its target sectors.
Description last updated: 2024-08-13T20:16:56.637Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Extortion
Backdoor
Malware
Ransom
Exploit
Encryption
Lateral Move...
Encrypt
Android
Exploits
Teamcity
Windows
PowerShell
T1566
Antivirus
Implant
Associated Malware
ID | Type | Votes | Profile Description
Blackbasta | Unspecified | 3 | BlackBasta is a notorious malware, specifically ransomware, that has been associated with several high-profile cyber-attacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information,
Karakurt | Unspecified | 2 | Karakurt is a malicious software (malware) utilized by cybercriminals for data theft and extortion. It was revealed as the data extortion arm of the Conti cybercrime syndicate, with links to ITG23 affiliates. Karakurt has been associated with numerous attacks, including those carried out by Quantum,
Lockbit | Unspecified | 2 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
Black Basta | is related to | 2 | Black Basta is a notorious malware group known for its ransomware activities. The group has been active since at least early 2022, during which time it has accumulated an estimated $107 million in Bitcoin ransom payments. It leverages malicious software to infiltrate and exploit computer systems, of
Clop | Unspecified | 2 | Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole
Cerberus | Unspecified | 2 | Cerberus is a type of malware, a harmful software designed to exploit and damage systems. It has been found to be associated with various platforms and versions of Siemens Cerberus PRO UL, including the Compact Panel FC922/924 and the Engineering Tool, all versions prior to MP4. Additionally, Cerber
Teabot | Unspecified | 2 | TeaBot, also known as Anatsa, is a sophisticated Android banking Trojan that targets applications from over 650 financial institutions. It was first observed to use second-stage dropper applications that appear benign to users, deceiving them into installing the payload. TeaBot utilizes remote paylo
Associated Threat Actors
ID | Type | Votes | Profile Description
Alphv | Unspecified | 3 | Alphv is a threat actor group known for its malicious activities in the cyber world. They have been particularly active in deploying ransomware attacks, with one of their most significant actions being the theft of 5TB of data from Morrison Community Hospital. This act not only disrupted hospital op
White Rabbit | Unspecified | 2 | White Rabbit is a notable threat actor in the cybersecurity landscape, known for its malicious activities and association with other prominent hacking groups. The group's name, derived from the character in Alice's Adventures in Quantum Wonderland, signifies its unique approach to cyber attacks. In
Vice Society | Unspecified | 2 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu
Qilin | Unspecified | 2 | The Qilin ransomware group, a malicious threat actor in the cybersecurity landscape, has been active since at least 2022 and gained significant attention in June 2024 for attacking Synnovis, a UK governmental service provider for healthcare. The group was later associated with Octo Tempest, which ad
Source Document References
Information about the Bianlian Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source Link (CreatedAt): Title
InfoSecurity-magazine (25 days ago): Gold Miner Evolution Mining Reports Ransomware Breach
Securityaffairs (a month ago): SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs (a month ago): security-affairs-malware-newsletter-round-5
CERT-EU (9 months ago): Law Enforcement Disrupts BlackCat Ransomware Operation | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 3
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 3
DARKReading (2 months ago): 'BadPack' APK Files Make Android Malware Hard to Detect
Unit42 (2 months ago): Beware of BadPack: One Weird Trick Being Used Against Android Devices
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 2
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 1
Checkpoint (2 months ago): 1st July – Threat Intelligence Report - Check Point Research
Securityaffairs (2 months ago): Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (3 months ago): Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (3 months ago): Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity (3 months ago): Australian Mining Giant Confirms BianLian Ransomware Attack
Securityaffairs (3 months ago): Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (4 months ago): Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine (4 months ago): Ransomware Rising Despite Takedowns, Says Corvus Report
Securityaffairs (4 months ago): Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (5 months ago): Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION