bianlian attacks Advance Corporation

Incident Date:

August 29, 2022

World map



bianlian attacks Advance Corporation


Advance Corporation




Cottage Grove, USA

Minnesota, USA

First Reported

August 29, 2022

BianLian Ransomware Attack on Advance Corporation

The BianLian ransomware group has claimed responsibility for an attack on Advance Corporation, a holding company and conglomerate. The company operates in the Holding Companies & Conglomerates sector and has been targeted by the BianLian group, which has been active since 2022 and primarily targets healthcare and manufacturing sectors.

Company Overview

Advance Corporation is a holding company and conglomerate. Specific information about the size of the company and its unique features in the industry could not be found.

Vulnerabilities and Targeting

The BianLian ransomware group gains initial access to networks through compromised Remote Desktop Protocol (RDP) credentials and exploits the ProxyShell vulnerability. They utilize open-source tools and command-line scripting for discovery and credential harvesting. Once inside, the malware establishes communication with its command and control (C2) server, fetching additional modules and tools to escalate privileges and establish a lasting foothold in the compromised system.

Mitigation and Response

To mitigate ransomware attacks, organizations should implement security measures such as multi-factor authentication for RDP access, regularly patch systems, and use antivirus software. In the event of a compromise, it is crucial to have a response plan in place, including isolating affected systems, notifying law enforcement, and engaging a cybersecurity incident response team.

The BianLian ransomware group's attack on Advance Corporation underscores the importance of robust cybersecurity measures to protect against such threats. Companies in the Holding Companies & Conglomerates sector should be vigilant and proactive in implementing security best practices to minimize the risk of successful attacks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.