bianlian attacks International Custom Controls

Incident Date:

August 29, 2022

World map



bianlian attacks International Custom Controls


International Custom Controls




Tulsa, USA

Oklahoma, USA

First Reported

August 29, 2022

International Custom Controls Suffers Ransomware Attack

International Custom Controls (ICC), a company that provides complete turnkey controls and fabricated systems, has been targeted by the ransomware group Bianlian. The attack was announced on the group's dark web leak site, and the victim's website is currently under scrutiny. ICC operates in the Manufacturing sector and is renowned for offering a comprehensive suite of solutions aimed at reducing the cost and risk associated with the controls package.

The specific size of ICC is not detailed in available search results, yet the company has previously reported significant financial impacts from ransomware attacks. For example, Johnson Controls, a peer in the industrial controls sector, disclosed a $27 million loss due to a ransomware attack in 2023.

While the exact vulnerabilities exploited by threat actors in the ICC attack are not disclosed, the company's broad spectrum of solutions may present a wider attack surface relative to firms with more focused offerings. This diversity could render them a more appealing target for ransomware groups such as Bianlian.

Bianlian's notoriety stems from its destructive malware, marketed as a service to clients who then orchestrate ransomware attacks, seizing victims' data for ransom. Despite being targeted by a global law enforcement crackdown, the group has signaled intentions to regroup and resume its activities.

In light of such ransomware attacks, organizations are encouraged to implement preventive measures including maintaining backups, employing application allowlisting, and validating security controls. Reporting ransomware incidents to local FBI Field Offices or CISA's 24/7 Operations Center is also advised for affected entities.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.