Tag: bianlian

7 Attack Reports | 0 Vulnerabilities

Attack reports

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

A new phishing campaign is targeting TikTok for Business accounts using adversary-in-the-middle (AitM) techniques. The attackers employ Cloudflare Turnstile to evade detection and create convincing lookalike pages impersonating TikTok for Business or Google Careers. Victims are tricked into clickin…
phishing
social engineering
aitm
credential theft
vidar
bianlian
stealc
cloudflare turnstile
2026-03-27
aura stealer
svg malware
tiktok
Published: March 27, 2026
Downloadable IOCs: 0

Malicious Infrastructure Finds Stability with aurologic GmbH

German hosting provider aurologic GmbH has become a central hub for high-risk hosting networks, providing upstream transit to multiple threat activity enablers. These include sanctioned entities like Aeza Group and other providers associated with cybercrime and disinformation campaigns. aurologic's…
cobalt strike
amadey
asyncrat
cybercrime
rhadamanthys stealer
vidar
phorpiex
dcrat
sliver
latrodectus
disinformation
bianlian
stealc
redline stealer
lumma
meduza stealer
infrastructure
quasarrat
systembc
remcos rat
risepro stealer
darkcomet
dark crystal rat
svcstealer
hosting
castleloader
2025-11-06
moobot
neutrality
transit
sanctions
thc hydra
upstream
tinyloader
abuse
aurologic
destiny stealer
aurotun
castlerat
Published: November 6, 2025
Downloadable IOCs: 23

Shifting the sands of RansomHub's EDRKillShifter

ESET researchers analyze the ransomware ecosystem in 2024, focusing on the newly emerged RansomHub gang. They uncover connections between RansomHub affiliates and rival gangs Play, Medusa, and BianLian through the use of EDRKillShifter, a custom EDR killer developed by RansomHub. The researchers le…
ransomware
bianlian
medusa
edrkillshifter
systembc
grixba
byovd
play
2025-03-27
scransom
Published: March 27, 2025
Downloadable IOCs: 0

The State of Cloud Ransomware in 2024

Cloud ransomware attacks are evolving, primarily targeting storage services like Amazon S3 and Azure Blob Storage. Attackers exploit misconfigurations or use stolen credentials to access and encrypt data. Cloud service providers have implemented security measures, such as AWS's 7-day key deletion w…
lockbit
bianlian
cloud security
data exfiltration
rhysida
2024-11-14
CVE-2023-34362
cspm
cloud ransomware
pandora
s3 buckets
ransomes
web application attacks
identity management
kms
Published: November 14, 2024
Downloadable IOCs: 0

ReadText34 Ransomware Incident

A ransomware attack was observed in September 2024, targeting an endpoint with limited visibility. The threat actor used stolen Administrator credentials to enable RDP and deploy malicious executables. They installed a vulnerable driver, TrueSight RogueKiller Antirootkit, to disable security applic…
bianlian
2024-09-24
readtext34
Published: September 24, 2024
Downloadable IOCs: 6

BianLian Ransomware Group: 2024 Activity Analysis

The intelligence report delves into the evolving tactics and operations of the BianLian ransomware group, which has emerged as one of the top three most active ransomware groups. It details the group's shift from encryption tactics to a steal-and-extort model after a decryptor was released. The ana…
ransomware
extortion
cybercrime
bianlian
2024-07-12
data breach
Published: July 12, 2024
Downloadable IOCs: 8

Ikaruz Red Team | Hacktivist Group Leverages Ransomware for Attention Not Profit

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.
lockbit
2024-05-21
bianlian
ikaruz red
turk hack
ikaruz
anka red
medusa
Published: May 21, 2024
Downloadable IOCs: 1
Click here to see more Attack Reports