Intrusions by the BianLian ransomware operation during the past year have been refocused on specific targets and have involved new attack techniques, according to SiliconAngle.
Despite initially gaining notoriety in expansive attacks around the world two years ago, BianLian has since primarily targeted organizations in the U.S. and Europe, especially those in the healthcare and manufacturing industries, a report from Palo Alto Networks' Unit 42 researchers revealed.
BianLian has also opted to concentrate on data exfiltration attacks in 2023, representing a pivot from the ransomware group's previous inclination toward double-extortion intrusions. Stolen remote desktop protocol credentials, vulnerability exploits, and numerous other methods have been leveraged by BianLian to achieve initial systems compromise, which would then be followed by lateral movement and persistence techniques, as well as the deployment of a custom .NET tool allowing data exfiltration activities, researchers said.
The findings should prompt the adoption of extended detection and response and other security systems, as well as extensive cybersecurity training for employees, added researchers.