Threat Intelligence Content Updates

Threat Intel Content Update: 11/26/24

Written by Tidal Cyber | Nov 26, 2024 4:47:43 PM

BianLian Ransomware Group, SessionGopher, RSOCKS, UPX, KillSec, APT73

Threat Content Highlights

Threat Objects & Tags

  • CISA’s updated advisory on BianLian Ransomware Group (originally published in 2023) reinforces two themes Tidal Cyber’s Adversary Intelligence team has highlighted for many quarters: regular adversary TTP evolution, and ransomware groups' abuse of legitimate tools to support their operations.
    • The advisory notes how BianLian has shifted entirely to exfiltration-based extortion activity and spotlights 13 ATT&CK Techniques that are newly associated with the group. Considering BianLian actors were already linked to 39 Techniques, this represents a considerable expansion for an already very capable group which has targeted a wide range of sectors. These Techniques appear under a new Campaign object so users can more easily focus on BianLian TTPs observed at different periods.
    • We also published three new Software objects (SessionGopher, RSOCKS, & UPX) newly associated with BianLian, which are all legitimate and/or open-source tools used by the group for specific types of attack activity. The recording of our recent webcast on ransomware tool abuse trends is available for on-demand viewing here.

Threat Profiles

  • Published new objects to support the monthly update to the Major & Emerging Ransomware Tidal Cyber-curated Threat Profile: KillSec & “APT73”. These represent ransomware operations that are recent newcomers to the global top 10 list for monthly claimed victims.