Threat Actor Profile

BianLian

BianLian is a ransomware and data extortion group, first observed in June 2022. Likely based in Russia, the group targets critical infrastructure sectors in the U.S. and Australia. Known for their exfiltration-based extortion tactics, BianLian has shifted away from encrypting systems, focusing instead on data theft and extortion.

Country of Origin

BianLian is likely based in Russia, with evidence pointing to Russia-based affiliates. However, no definitive confirmation exists.

Members

The exact size and composition of the group are unknown. It is assumed to be a small, organized team with specialized roles in ransomware development, deployment, and extortion.

Leadership

The leadership of BianLian remains unknown. No aliases or specific individuals have been publicly identified.

BianLian TTPs

Tactics

BianLian primarily focuses on exfiltration-based extortion, targeting sensitive data to pressure victims into paying ransoms.

Techniques

  • Gaining access via compromised Remote Desktop Protocol (RDP) credentials.

  • Using open-source tools like PowerShell and command-line scripting for discovery and credential harvesting.

  • Exfiltrating data via FTP, Rclone, or Mega.

Procedures

  • Deploying custom backdoors written in Go for persistence.

  • Disabling antivirus tools and tamper protection.

  • Threatening victims with data leaks on the dark web if ransoms are not paid.

Notable Cyberattacks

  • Since 2022, BianLian has executed numerous attacks on critical infrastructure in the U.S. and Australia.

  • The group has been particularly active in the healthcare sector, exploiting RDP vulnerabilities to gain access.

Law Enforcement & Arrests

No arrests or significant law enforcement actions against BianLian have been reported to date.

How to Defend Against BianLian

1. Limit RDP usage and enforce strong access controls.

2. Implement phishing-resistant multifactor authentication (MFA).

3. Regularly update and patch systems.

4. Use endpoint detection and response (EDR) tools to monitor for unusual activity.
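The following is an added detection example, not code from the profile or from Huntress, showing what "monitor for unusual activity" can look like when tuned to the techniques listed above: external RDP logons (logon type 10), PowerShell launched with an execution-policy bypass, known exfiltration tooling such as Rclone or a Mega remote, and Defender tamper attempts via Set-MpPreference. The log format (one key=value line per event), the sample events, the internal address ranges and the rule names are all constructed assumptions; adapt them to whatever your EDR or SIEM actually emits.

```python
"""Rule-based triage of Windows-style events for BianLian-like activity.

Added illustration (not Huntress code). Events are constructed samples in a
simplified key=value format; real telemetry will need its own parser.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample telemetry (not real logs). 4624 = logon, 4688 = process creation.
SAMPLE_EVENTS = [
    r'ts=2024-05-01T02:14:03Z host=FS01 event=4624 logon_type=10 user=svc_backup src_ip=198.51.100.23',
    r'ts=2024-05-01T02:15:40Z host=FS01 event=4688 user=svc_backup image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmdline="powershell -ep bypass -c Get-LocalGroupMember administrators"',
    r'ts=2024-05-01T02:20:11Z host=FS01 event=4688 user=svc_backup image=C:\Users\Public\rclone.exe cmdline="rclone copy D:\Finance mega:dump --transfers 8"',
    r'ts=2024-05-01T02:21:00Z host=FS01 event=4688 user=svc_backup image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmdline="powershell Set-MpPreference -DisableRealtimeMonitoring $true"',
    r'ts=2024-05-01T09:00:00Z host=WS07 event=4624 logon_type=10 user=alice src_ip=10.0.5.14',
    r'ts=2024-05-01T09:05:00Z host=WS07 event=4688 user=alice image="C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE" cmdline="EXCEL.EXE"',
]

# Assumed internal address space (RFC 1918); replace with the monitored environment's ranges.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Process names tied to the exfiltration channels named in the profile (FTP, Rclone, Mega).
EXFIL_TOOLS = {"rclone.exe", "megasync.exe", "megacmd.exe", "ftp.exe", "winscp.exe"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
EXEC_POLICY_BYPASS_RE = re.compile(r"-e(?:xecutionpolicy|p)\s+bypass")


def parse_event(line):
    """Turn one key=value line into a dict, stripping quotes around quoted values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def is_external(ip):
    """True when the address falls outside the assumed internal ranges."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev):
    """Return the set of rule names a single event triggers (empty set if none)."""
    hits = set()
    if ev.get("event") == "4624" and ev.get("logon_type") == "10" and is_external(ev.get("src_ip", "")):
        hits.add("rdp_external_logon")
    if ev.get("event") == "4688":
        image = basename(ev.get("image", ""))
        cmd = ev.get("cmdline", "").lower()
        if image in EXFIL_TOOLS or " mega:" in cmd:
            hits.add("exfil_tool")
        if image == "powershell.exe" and EXEC_POLICY_BYPASS_RE.search(cmd):
            hits.add("ps_exec_policy_bypass")
        if "set-mppreference" in cmd and "disable" in cmd:
            hits.add("av_tamper")
    return hits


def analyze(lines):
    """Aggregate distinct rule hits per host."""
    per_host = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        hits = classify(ev)
        if hits:
            per_host[ev.get("host", "?")] |= hits
    return dict(per_host)


def flagged_hosts(lines, min_rules=2):
    """Hosts where at least min_rules distinct rules fired; one rule alone is often benign."""
    return sorted(h for h, hits in analyze(lines).items() if len(hits) >= min_rules)


if __name__ == "__main__":
    for host, hits in analyze(SAMPLE_EVENTS).items():
        print(host, sorted(hits))
    print("flagged:", flagged_hosts(SAMPLE_EVENTS))
```

The per-host correlation is the point: an external RDP logon or a single PowerShell bypass on its own produces noise, but a host that shows an external interactive logon followed by exfiltration tooling and a Defender tamper attempt within the same window matches the chain the profile describes and deserves an immediate response.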
