Introduction
BianLian is an extortion-focused threat actor group. When it began operations in June 2022, the group used double-extortion methods, demanding payment in exchange for decrypting locked files while also threatening to leak exfiltrated data. U.S. and Australian cybersecurity officials observed BianLian actors shifting almost exclusively to exfiltration-focused extortion schemes in 2023.[U.S. CISA BianLian Ransomware May 2023]

Related Vulnerabilities:
- CVE-2020-1472[U.S. CISA BianLian Ransomware May 2023]
- CVE-2021-34473[BianLian Ransomware Gang Gives It a Go! | [redacted]]
- CVE-2021-34523[BianLian Ransomware Gang Gives It a Go! | [redacted]]
- CVE-2021-31207[BianLian Ransomware Gang Gives It a Go! | [redacted]]

PulseDive (IOCs): https://pulsedive.com/threat/BianLian
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- CyberGate
- Cyber Eye RAT
Attribution and Evidence
Information pending cataloguing.