BianLian is a financially motivated cybercriminal group that originated as an Android banking trojan in 2019 before transitioning to a ransomware strain in July 2022. The group, which is likely based in Russia with multiple Russia-based affiliates, quickly adapted its operations, initially employing a double-extortion model involving both data encryption and exfiltration. Following the release of a public decryptor in early 2023, BianLian swiftly pivoted its strategy to focus primarily on data exfiltration and extortion without encryption, a method it exclusively adopted by January 2024. This adaptability, reflected in its name derived from the Chinese 'face-changing' art, distinguishes BianLian as it continuously evolves its tactics and procedures to maintain operational effectiveness and pressure victims into paying ransoms.

URLs nuevas detectadas en IntelTracker