BianLian Ransomware Attack on Advance Corporation
The BianLian ransomware group has claimed responsibility for an attack on Advance Corporation, a holding company and conglomerate in the Holding Companies & Conglomerates sector. BianLian has been active since June 2022. CISA's advisory describes it targeting critical infrastructure organizations in the United States and Australia, and Unit 42's victimology shows healthcare and manufacturing as the most heavily affected sectors, so a conglomerate victim is outside the group's usual pattern but consistent with its opportunistic use of bought or stolen credentials.
Company Overview
Advance Corporation is a holding company and conglomerate. Specific information about the size of the company and its unique features in the industry could not be found.
Vulnerabilities and Targeting
According to the CISA advisory, BianLian gains initial access through valid Remote Desktop Protocol (RDP) credentials, most likely bought from initial access brokers or obtained by phishing, and has also exploited the ProxyShell vulnerability chain in Microsoft Exchange (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207). Once inside, the group implants a custom Go-based backdoor, built per victim, that connects back to its command and control (C2) infrastructure, and installs legitimate remote management software such as TeamViewer, Atera Agent, SplashTop or AnyDesk for persistence. Discovery relies on native Windows tooling (PowerShell, cmd) and open-source utilities such as Advanced Port Scanner, SoftPerfect Network Scanner, SharpShares and PingCastle; credentials are harvested from LSASS memory and Active Directory queries, and antivirus tools are disabled through PowerShell and registry changes before data is staged and exfiltrated over FTP, Rclone or Mega. One caveat for responders: since about January 2023 BianLian has moved from double extortion to primarily exfiltration-based extortion, so the absence of encrypted files does not mean the intrusion was contained or that no data left the network.
Mitigation and Response
The mitigations that map most directly to BianLian's tradecraft are those in the CISA advisory: strictly limit RDP and other remote desktop services (close unused ports, enforce multi-factor authentication and account lockouts, and log every RDP logon attempt), audit which remote access tools are installed and block those not in business use, restrict PowerShell and command-line scripting where they are not needed, keep Exchange and other internet-facing systems fully patched, and maintain offline, encrypted backups. Endpoint detection and response rather than signature antivirus alone is needed, since the group deliberately disables antivirus on hosts it controls. In the event of a compromise, a response plan should already exist: isolate affected systems, preserve logs and disk images before rebuilding, notify law enforcement, and engage an incident response team. Because BianLian now relies mainly on data theft, the response must also establish what was exfiltrated and when, not only which hosts were encrypted.
The BianLian ransomware group's attack on Advance Corporation underscores the importance of robust cybersecurity measures to protect against such threats. Companies in the Holding Companies & Conglomerates sector should be vigilant and proactive in implementing security best practices to minimize the risk of successful attacks.
Sources
- Unit 42. (2024, January 23). Threat Assessment: BianLian - Unit 42. Retrieved from https://unit42.paloaltonetworks.com/bianlian-ransomware-group-threat-assessment/
- CISA. (2023, May 16). #StopRansomware: BianLian Ransomware Group. Retrieved from https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a
- Cyberint. (2023, December 18). BianLian Ransomware: Victimology and TTPs - Cyberint. Retrieved from https://cyberint.com/blog/research/bianlian-ransomware-victimology-and-ttps/