{"id":8381,"date":"2023-05-17T15:12:42","date_gmt":"2023-05-17T06:12:42","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=8381"},"modified":"2023-05-30T15:16:16","modified_gmt":"2023-05-30T06:16:16","slug":"fbi-releases-joint-advisory-against-the-bianlian-ransomware-gang","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/fbi-releases-joint-advisory-against-the-bianlian-ransomware-gang\/","title":{"rendered":"FBI releases joint advisory against the BianLian ransomware gang"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"8381\" class=\"elementor elementor-8381\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3c5e4cf elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3c5e4cf\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ef43dec\" data-id=\"ef43dec\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e934471 elementor-widget elementor-widget-text-editor\" data-id=\"e934471\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On Tuesday 16<sup>th<\/sup> of May 2023, the United States Federal Bureau of Investigation (FBI) released a joint TLP:CLEAR cybersecurity advisory warning organisations of the latest tactics, techniques, and procedures (TTPs) used by the\u00a0BianLian ransomware group. The advisory highlighted that BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organisations in multiple U.S. 
critical infrastructure sectors since June 2022. It also revealed that BianLian initially employed a double-extortion model, encrypting systems after stealing personal data from victim networks and then threatening to publish the files. However, since January 2023, when Avast released a decryptor for the ransomware, the group has switched to primarily exfiltration-based extortion without encrypting systems.<\/p><p>This joint cybersecurity advisory was released in coordination with the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) to disseminate known BianLian ransomware indicators of compromise (IOCs) and TTPs associated with ransomware variants identified through investigations as recently as March 2023. The advisory also revealed that BianLian has been observed breaching systems using valid Remote Desktop Protocol (RDP) credentials, which are likely acquired from initial access brokers or through phishing.<\/p><p>In the advisory, the FBI asked for any information related to the BianLian ransomware to be shared with them. This information can include \u201cboundary logs showing communication to and from foreign IP addresses, a sample ransom note, communications with BianLian actors, Bitcoin wallet information, decryptor files, and\/or a benign sample of an encrypted file.\u201d<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On Tuesday 16th of May 2023, the United States Federal Bureau of Investigation (FBI) released a joint TLP:CLEAR cybersecurity advisory warning organisations of the latest tactics, techniques, and procedures (TTPs) used by the&nbsp;BianLian ransomware group. The advisory highlighted that BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organisations in multiple U.S. 
critical infrastructure sectors<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":8386,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[225,6,10,221,12,9,2,7,8,1],"tags":[],"class_list":["post-8381","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-heavy-industry","category-latest_news","category-latest_vulnerabilities","category-national-infrastructure","category-read_article","category-ransomware_criminals","category-ce_news","category-by_country","category-industry_sector","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2023\/05\/Picture1-8.jpg?fit=1378%2C950&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8381"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=8381"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8381\/revisions"}],"predecessor-version":[{"id":8389,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8381\/revisions\/8389"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/8386"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=8381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=8381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=8381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","tem
plated":true}]}}
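The advisory summarised above states that BianLian's observed initial access is a successful RDP logon with valid credentials, and the FBI's request for "boundary logs showing communication to and from foreign IP addresses" points at the same evidence. The script below is an added example, not code from the original post or from the FBI/CISA/ACSC advisory: it reads successful Windows Security logon events (event ID 4624) and reports RDP sessions (LogonType 10, RemoteInteractive) whose source address lies outside the organisation's own ranges, grouped by account with first-seen time and distinct sources. It also goes slightly beyond the advisory by separately listing RDP logons sourced from loopback, which is how a session tunnelled through a local port forward typically appears. The field names (TargetUserName, IpAddress, LogonType, TimeCreated) follow the 4624 event; the JSON-lines export shape, the INTERNAL_NETWORKS list and every sample event are constructed assumptions for the example.

```python
"""Flag successful RDP logons (Security event 4624, LogonType 10) that arrive
from outside the organisation's own address space.

Added example, not code from the advisory or from cyberenso.jp.  Assumptions:
events are exported one JSON object per line (a common SIEM export shape),
and INTERNAL_NETWORKS is the organisation's own allow-list of source ranges.
The sample events are constructed for this example."""
import ipaddress
import json
from collections import defaultdict

# Constructed sample export: two external RDP logons for one service account,
# one internal RDP logon, one external network (SMB-style) logon, one failed
# RDP attempt (4625) and one RDP logon sourced from IPv6 loopback.
SAMPLE_EVENTS = """\
{"EventID": 4624, "TimeCreated": "2023-03-02T01:14:07Z", "TargetUserName": "svc_backup", "LogonType": 10, "IpAddress": "203.0.113.45", "WorkstationName": "WIN-DESK-22"}
{"EventID": 4624, "TimeCreated": "2023-03-02T01:16:51Z", "TargetUserName": "svc_backup", "LogonType": "10", "IpAddress": "203.0.113.45", "WorkstationName": "WIN-DESK-22"}
{"EventID": 4624, "TimeCreated": "2023-03-02T08:03:12Z", "TargetUserName": "alice", "LogonType": 10, "IpAddress": "10.20.4.18", "WorkstationName": "ALICE-LT"}
{"EventID": 4624, "TimeCreated": "2023-03-02T08:05:40Z", "TargetUserName": "bob", "LogonType": 3, "IpAddress": "198.51.100.7", "WorkstationName": "FILESRV"}
{"EventID": 4625, "TimeCreated": "2023-03-02T09:00:00Z", "TargetUserName": "admin", "LogonType": 10, "IpAddress": "198.51.100.9", "WorkstationName": "-"}
{"EventID": 4624, "TimeCreated": "2023-03-02T22:41:03Z", "TargetUserName": "jdoe", "LogonType": 10, "IpAddress": "::1", "WorkstationName": "DC01"}
"""

RDP_LOGON_TYPE = 10  # RemoteInteractive: a successful RDP / Terminal Services session

# Assumed organisation ranges.  An explicit allow-list is used rather than
# ipaddress's is_private so that VPN pools and other routed-internal space can
# be added, and so the RFC 5737 documentation addresses used in the sample
# (which Python also classifies as private) count as external here.
INTERNAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("fd00::/8"),
]


def classify_source(ip_text):
    """Return 'external', 'internal', 'loopback' or 'unknown' for a source field."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unknown"  # "-", empty or a hostname: no usable source address
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified or ip.is_link_local:
        return "internal"
    # Mixed-version membership (IPv6 address in IPv4 network) is simply False.
    if any(ip in net for net in INTERNAL_NETWORKS):
        return "internal"
    return "external"


def parse_events(text):
    """Parse a JSON-lines export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def rdp_logons(events):
    """Yield only successful RemoteInteractive logons; 4625 failures are a
    separate (brute-force) signal and are deliberately not mixed in."""
    for ev in events:
        if ev.get("EventID") != 4624:
            continue
        if int(ev.get("LogonType", -1)) != RDP_LOGON_TYPE:
            continue
        yield ev


def external_rdp_logons(events):
    """Map account -> [(timestamp, source_ip), ...] for RDP logons from outside."""
    hits = defaultdict(list)
    for ev in rdp_logons(events):
        src = ev.get("IpAddress", "")
        if classify_source(src) == "external":
            hits[ev["TargetUserName"]].append((ev["TimeCreated"], src))
    return dict(hits)


def loopback_rdp_logons(events):
    """RDP logons whose source is loopback: consistent with a tunnelled session."""
    return [(ev["TimeCreated"], ev["TargetUserName"])
            for ev in rdp_logons(events)
            if classify_source(ev.get("IpAddress", "")) == "loopback"]


def summarise(hits):
    """One line per account: first external RDP logon and its distinct sources."""
    lines = []
    for user, entries in sorted(hits.items()):
        first_seen = min(ts for ts, _ in entries)
        sources = sorted({ip for _, ip in entries})
        lines.append(f"{user}: first external RDP logon {first_seen} "
                     f"from {', '.join(sources)} ({len(entries)} logons)")
    return lines


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for line in summarise(external_rdp_logons(evs)):
        print(line)
    for ts, user in loopback_rdp_logons(evs):
        print(f"{user}: RDP logon from loopback at {ts} (possible tunnel)")
```

On the sample data the service account is reported with its first external RDP logon and source, the internal logon and the external non-RDP network logon are ignored, the failed attempt is left for a separate brute-force rule, and the loopback-sourced session is listed on its own. In production the allow-list should be the organisation's real ranges, including any VPN pool, since a logon from the VPN pool is exactly the case the advisory's "valid credentials" finding makes interesting.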