Threat Intel Content Update: 11/26/24

  • November 26, 2024

BianLian Ransomware Group, SessionGopher, RSOCKS, UPX, KillSec, APT73 

Threat Content Highlights

Threat Objects & Tags

  • CISA’s updated advisory on BianLian Ransomware Group (originally published in 2023) reinforces two themes Tidal Cyber’s Adversary Intelligence team has highlighted for many quarters: regular adversary TTP evolution, and ransomware groups' abuse of legitimate tools to support their operations.
    • The advisory notes how BianLian has shifted entirely to exfiltration-based extortion activity and spotlights 13 ATT&CK Techniques that are newly associated with the group. Considering BianLian actors were already linked to 39 Techniques, this represents a considerable expansion for an already very capable group which has targeted a wide range of sectors. These Techniques appear under a new Campaign object so users can more easily focus on BianLian TTPs observed at different periods.
    • We also published three new Software objects (SessionGopher, RSOCKS, & UPX) newly associated with BianLian, which are all legitimate and/or open-source tools used by the group for specific types of attack activity. The recording of our recent webcast on ransomware tool abuse trends is available for on-demand viewing here.

Threat Profiles

  • Published new objects to support the monthly update to the Major & Emerging Ransomware Tidal Cyber-curated Threat Profile: KillSec & “APT73”. These represent ransomware operations that are recent newcomers to the global top 10 list for monthly claimed victims.

Data-Driven Threat-Informed Defense

Meet Tidal Enterprise Edition

Quickly and easily develop custom threat profiles and defensive stacks, see your coverage and identify gaps and redundancies, and get daily recommendations to improve your cybersecurity posture.