BianLian attacks Advance Corporation
Incident Date: August 29, 2022
Overview
Victim: Advance Corporation
Attacker: BianLian
Location: not listed
First Reported: August 29, 2022
BianLian Ransomware Attack on Advance Corporation
The BianLian ransomware group has claimed responsibility for an attack on Advance Corporation, a holding company and conglomerate (Holding Companies & Conglomerates sector). BianLian has been active since 2022 and primarily targets the healthcare and manufacturing sectors.
Company Overview
Advance Corporation is a holding company and conglomerate. Specific information about the size of the company and its unique features in the industry could not be found.
Vulnerabilities and Targeting
The BianLian ransomware group gains initial access to networks through compromised Remote Desktop Protocol (RDP) credentials and by exploiting the ProxyShell vulnerability. The group uses open-source tools and command-line scripting for discovery and credential harvesting. Once inside, the malware establishes communication with its command and control (C2) server and fetches additional modules and tools to escalate privileges and establish a lasting foothold in the compromised system.
Mitigation and Response
To mitigate ransomware attacks, organizations should implement security measures such as multi-factor authentication for RDP access, regular patching of systems, and antivirus software. In the event of a compromise, it is crucial to have a response plan in place that includes isolating affected systems, notifying law enforcement, and engaging a cybersecurity incident response team.
The BianLian ransomware group's attack on Advance Corporation underscores the importance of robust cybersecurity measures to protect against such threats. Companies in the Holding Companies & Conglomerates sector should be vigilant and proactive in implementing security best practices to minimize the risk of successful attacks.