Ransomware Attack on Stein Fibers Exposes 707 GB of Sensitive Data
Incident Date:
August 30, 2024
Overview
Title
Ransomware Attack on Stein Fibers Exposes 707 GB of Sensitive Data
Victim
Stein Fibers
Attacker
Bianlian
Location
First Reported
August 30, 2024
Ransomware Attack on Stein Fibers by BianLian Group
Stein Fibers, Ltd., a leading supplier and producer of synthetic fibers, particularly polyester staple fibers and nonwoven fibers, has been targeted by the notorious ransomware group BianLian. The attack, which has been claimed on BianLian's dark web leak site, has compromised a significant amount of sensitive data, posing a substantial risk to the company's operations and reputation.
Company Overview
Founded in 1976 and headquartered in Albany, New York, Stein Fibers has grown to become one of the largest players in the North American textile market. The company specializes in the production, sourcing, delivery, and sale of textile-related fiber products, with annual shipments exceeding 500 million pounds. Stein Fibers is known for its extensive range of fiber products, commitment to customer service, and proactive approach to environmental sustainability.
Attack Overview
The ransomware attack on Stein Fibers has resulted in the breach of 707 GB of data. The compromised information includes financial records, human resources data, details about partners and vendors, client and customer information, engineering and technological data, incident and accident reports, and internal and external email correspondence. Various databases have also been affected, highlighting the critical need for enhanced cybersecurity measures.
About BianLian
BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses and organizations globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group is known for its exfiltration-based extortion tactics, threatening victims with financial, business, and legal consequences if payment is not made.
Penetration Tactics
BianLian typically gains initial access through compromised Remote Desktop Protocol (RDP) credentials, implanting custom backdoors specific to each victim. The group uses PowerShell and Windows Command Shell for defense evasion and employs various tools for discovery, lateral movement, collection, exfiltration, and impact. The attack on Stein Fibers underscores the vulnerabilities that manufacturing companies face, particularly those with extensive digital operations and sensitive data.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.