Attack Overview
VICTIM
Advance Corporation
INDUSTRY
Holding Companies & Conglomerates
LOCATION
USA
ATTACKER
Bianlian
FIRST REPORTED
August 29, 2022

BianLian Ransomware Attack on Advance Corporation

The BianLian ransomware group has claimed responsibility for an attack on Advance Corporation, a holding company and conglomerate. The company operates in the Holding Companies & Conglomerates sector and has been targeted by the BianLian group, which has been active since 2022 and primarily targets healthcare and manufacturing sectors.

Company Overview

Advance Corporation is a holding company and conglomerate. Specific information about the size of the company and its unique features in the industry could not be found.

Vulnerabilities and Targeting

The BianLian ransomware group gains initial access to networks through compromised Remote Desktop Protocol (RDP) credentials and exploits the ProxyShell vulnerability. They utilize open-source tools and command-line scripting for discovery and credential harvesting. Once inside, the malware establishes communication with its command and control (C2) server, fetching additional modules and tools to escalate privileges and establish a lasting foothold in the compromised system.

Mitigation and Response

To mitigate ransomware attacks, organizations should implement security measures such as multi-factor authentication for RDP access, regularly patch systems, and use antivirus software. In the event of a compromise, it is crucial to have a response plan in place, including isolating affected systems, notifying law enforcement, and engaging a cybersecurity incident response team.

The BianLian ransomware group's attack on Advance Corporation underscores the importance of robust cybersecurity measures to protect against such threats. Companies in the Holding Companies & Conglomerates sector should be vigilant and proactive in implementing security best practices to minimize the risk of successful attacks.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.