BianLian Ransomware Hits ASI Partner, Compromising 3.3TB of Critical Data

Incident Date: June 28, 2024


Overview

Victim: ASI Partner
Attacker: BianLian
Location: Fremont, California, USA
First Reported: June 28, 2024

BianLian Ransomware Group Targets ASI Partner in Major Cyber Attack

Overview of ASI Partner

ASI Partner, also known as ASI Corporation, is a prominent distributor of IT hardware and software products. Established in 1987 and headquartered in Fremont, California, the company employs nearly 500 professionals across nine sales and warehouse locations in the United States and Canada. ASI Partner offers a comprehensive range of technology solutions, including computers, servers, storage devices, networking equipment, and peripherals. The company collaborates with leading technology manufacturers to provide clients with the latest and most reliable technology solutions.

In addition to product distribution, ASI Partner offers value-added services such as technical support, product configuration, and integration services. The company also provides customized solutions tailored to meet specific client needs, including pre-sales consultation and post-sales support. ASI Partner is a certified member of the Women's Business Enterprise National Council (WBENC), underscoring its commitment to diversity and inclusion in the business sector.

Details of the Ransomware Attack

ASI Partner recently became a victim of a ransomware attack orchestrated by the BianLian group, compromising 3.3 terabytes of the company's data. The attackers have threatened to upload the stolen data and have provided contact information for those interested in either obtaining or protecting the data. The company's president, Christine Liang, can be reached via email at christine.liang@asipartner.com or by mobile phone at +1 (510) 761-0015.

The attack has significant implications for ASI Partner, given its critical role in the IT supply chain. The compromised data could include sensitive information related to their clients, resellers, system integrators, and managed service providers, potentially leading to severe financial and reputational damage.

Profile of the BianLian Ransomware Group

BianLian is a sophisticated ransomware group known for high-profile attacks on healthcare, manufacturing, professional services, and legal organizations. Initially functioning as a banking trojan, BianLian has evolved into a formidable ransomware operation. The group employs exfiltration-based extortion, threatening victims with financial, business, and legal consequences if payment is not made.

BianLian's modus operandi includes gaining initial access through compromised Remote Desktop Protocol (RDP) credentials, implanting custom backdoors, and using tools like PowerShell and Windows Command Shell for defense evasion. The group has a global reach, with a higher concentration of attacks in North America and Europe, particularly targeting the United States, the United Kingdom, and Canada.

Potential Vulnerabilities and Penetration Methods

ASI Partner's extensive network and large volume of data make it an attractive target for ransomware groups like BianLian. The company's reliance on digital infrastructure for product distribution, technical support, and integration services could present multiple entry points for cyber attackers. Potential vulnerabilities include weak RDP credentials, insufficient endpoint detection and response solutions, and inadequate employee training on cybersecurity best practices.

BianLian likely penetrated ASI Partner's systems through compromised RDP credentials, allowing them to implant custom backdoors and move laterally within the network. The group's use of sophisticated tools for discovery, lateral movement, collection, exfiltration, and impact underscores the need for robust cybersecurity measures to protect against such advanced threats.
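Because compromised RDP credentials are the initial-access path described above, the first place a defender looks is the Windows Security log. The Python below is an added example, not code from the tracker page or from any published BianLian analysis. It runs a simple detection over constructed logon events shaped like Event ID 4625 (failed logon) and 4624 (successful logon) with LogonType 10 (RemoteInteractive, i.e. RDP). The hosts, user names, IP addresses and the thresholds (five failures or three distinct users within ten minutes) are assumptions chosen for illustration, not values from the incident.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10      # LogonType 10 = RemoteInteractive (RDP session)
LOGON_FAILED = 4625      # Windows Security Event ID: an account failed to log on
LOGON_SUCCESS = 4624     # Windows Security Event ID: an account was successfully logged on

# Constructed sample events (assumption: NOT taken from the ASI Partner incident
# or from any real log). Tuple layout mirrors the Security event fields:
# (TimeCreated ISO-8601, EventID, LogonType, TargetUserName, IpAddress)
SAMPLE_EVENTS = [
    ("2024-06-27T02:00:05", 4625, 10, "svc-backup", "203.0.113.45"),
    ("2024-06-27T02:00:40", 4625, 10, "svc-backup", "203.0.113.45"),
    ("2024-06-27T02:01:15", 4625, 10, "svc-backup", "203.0.113.45"),
    ("2024-06-27T02:01:50", 4625, 10, "svc-backup", "203.0.113.45"),
    ("2024-06-27T02:02:25", 4625, 10, "svc-backup", "203.0.113.45"),
    ("2024-06-27T02:03:00", 4625, 10, "svc-backup", "203.0.113.45"),
    ("2024-06-27T02:04:10", 4624, 10, "svc-backup", "203.0.113.45"),  # success after a burst of failures
    ("2024-06-27T03:00:00", 4625, 10, "alice", "198.51.100.7"),
    ("2024-06-27T03:00:02", 4625, 10, "bob", "198.51.100.7"),
    ("2024-06-27T03:00:04", 4625, 10, "carol", "198.51.100.7"),
    ("2024-06-27T03:00:06", 4625, 10, "dave", "198.51.100.7"),       # many users, one source: spray pattern
    ("2024-06-27T08:15:00", 4625, 10, "jdoe", "192.0.2.10"),         # one typo then success: benign
    ("2024-06-27T08:15:20", 4624, 10, "jdoe", "192.0.2.10"),
    ("2024-06-27T08:20:00", 4625, 3, "fileshare", "10.0.0.5"),       # LogonType 3 (network), not RDP: ignored
]


def parse_events(rows):
    """Turn the raw tuples into dicts with a real datetime for sorting and windowing."""
    return [
        {"time": datetime.fromisoformat(ts), "event_id": eid, "logon_type": lt,
         "user": user, "source_ip": ip}
        for ts, eid, lt, user, ip in rows
    ]


def find_rdp_credential_attacks(events, failure_threshold=5, spray_user_threshold=3,
                                window=timedelta(minutes=10)):
    """Return alerts for three RDP credential-attack patterns per source IP:
    - rdp_brute_force: >= failure_threshold failed RDP logons inside the window
    - rdp_password_spray: failures against >= spray_user_threshold distinct users inside the window
    - rdp_success_after_failures: a successful RDP logon while the source is over the failure threshold
    Each pattern is raised at most once per source so repeated failures don't flood the queue.
    """
    alerts = []
    recent_failures = defaultdict(deque)   # source_ip -> deque of (time, user) within the window
    alerted = set()                        # (source_ip, kind) already reported

    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue                       # only RemoteInteractive logons are in scope here
        ip = ev["source_ip"]
        q = recent_failures[ip]
        while q and ev["time"] - q[0][0] > window:
            q.popleft()                    # expire failures that fell out of the sliding window

        if ev["event_id"] == LOGON_FAILED:
            q.append((ev["time"], ev["user"]))
            if len(q) >= failure_threshold and (ip, "rdp_brute_force") not in alerted:
                alerted.add((ip, "rdp_brute_force"))
                alerts.append({"kind": "rdp_brute_force", "source_ip": ip,
                               "failures": len(q), "time": ev["time"]})
            users = {u for _, u in q}
            if len(users) >= spray_user_threshold and (ip, "rdp_password_spray") not in alerted:
                alerted.add((ip, "rdp_password_spray"))
                alerts.append({"kind": "rdp_password_spray", "source_ip": ip,
                               "users": sorted(users), "time": ev["time"]})
        elif ev["event_id"] == LOGON_SUCCESS and len(q) >= failure_threshold:
            # A success riding on top of a failure burst is the signal that a
            # credential guess landed; this is the event to act on immediately.
            alerts.append({"kind": "rdp_success_after_failures", "source_ip": ip,
                           "user": ev["user"], "failures": len(q), "time": ev["time"]})
    return alerts


if __name__ == "__main__":
    for alert in find_rdp_credential_attacks(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

On the constructed sample this yields three alerts: a brute-force alert for 203.0.113.45 at the fifth failure, a success-after-failures alert when the same source then logs in as svc-backup, and a password-spray alert for 198.51.100.7 once it has failed against three different accounts. The single typo from 192.0.2.10 and the non-RDP failure from 10.0.0.5 produce nothing, which is the point of windowing and of filtering on logon type: an alert that fires on every mistyped password is one that analysts learn to ignore. In production the same logic would read events from the Security channel rather than a hard-coded list, and the success-after-failures case would be paired with the mitigations the text names (MFA on RDP, EDR on the landing host) rather than logged alone.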

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.