At a glance.
- Cyber agencies warn of BianLian ransomware.
- RA Group, a new ransomware gang using leaked Babuk-based ransomware.
- Chinese government-linked threat actors target TP-Link routers with custom malware.
- ChatGPT-themed fleeceware.
- The CIA's offer to Russian officials may have had some takers.
- Ukraine is now a member of NATO's Cyber Centre.
Cyber agencies warn of BianLian ransomware.
Australian and US agencies, specifically the Australian Cyber Security Centre (ACSC), the US Federal Bureau of Investigation (FBI), and the US Cybersecurity and Infrastructure Security Agency (CISA), have issued a joint warning about BianLian ransomware. The criminal group behind it has been especially active against targets in Australia, but it represents a general threat. "The group gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials," the advisory says, adding that it "uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega." BianLian had formerly used a double-extortion approach, but has recently shifted toward a model that relies solely on threats to release (as opposed to encrypt or destroy) the victim's data. "BianLian group engages in additional techniques to pressure the victim into paying the ransom; for example, printing the ransom note to printers on the compromised network. Employees of victim companies also reported receiving threatening telephone calls from individuals associated with BianLian group."
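The exfiltration channels the advisory names (FTP, Rclone, Mega) can be hunted for in process-creation telemetry. The following is an added example, not code from the advisory or the agencies; the sample events are constructed, and the matching heuristics (argument shape for a renamed Rclone binary, the `-s:` script flag of Windows `ftp.exe`, a `mega` filename prefix) are assumptions chosen for illustration.

```python
import re
import shlex

# Constructed process-creation events (image path, command line); not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\svchost.exe", r"svchost.exe -k netsvcs"),
    (r"C:\ProgramData\rclone.exe", r"rclone.exe copy D:\Finance remote1:backup --transfers 8"),
    (r"C:\Users\Public\svhost.exe", r"svhost.exe sync \\fs01\hr mega:dump"),
    (r"C:\Windows\System32\ftp.exe", r"ftp.exe -s:C:\Temp\up.txt"),
    (r"C:\Windows\System32\robocopy.exe", r"robocopy.exe C:\data D:\backup /E"),
]

# Rclone transfer subcommands that move data to a remote.
RCLONE_VERBS = {"copy", "sync", "move"}
# Rclone remotes are written "name:path". Requiring two or more name characters
# keeps Windows drive letters (C:) from matching; a leading "-" is excluded so
# option flags such as "-s:" do not match either.
REMOTE_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_-]+:")


def classify(image, cmdline):
    """Return a finding label for one process event, or None if nothing matches."""
    exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # posix=False keeps backslashes in Windows paths intact.
    args = [t.strip('"') for t in shlex.split(cmdline, posix=False)[1:]]
    if exe in ("rclone.exe", "rclone"):
        return "rclone"
    # A renamed binary still has to be driven with Rclone's argument grammar:
    # a transfer verb first, then a remote-style destination.
    if args and args[0].lower() in RCLONE_VERBS and any(REMOTE_RE.match(a) for a in args[1:]):
        return "rclone-like (renamed binary)"
    # Windows ftp.exe run non-interactively from a script file.
    if exe == "ftp.exe" and any(a.lower().startswith("-s:") for a in args):
        return "scripted ftp"
    # Name-only heuristic for Mega client tooling (assumption: filename prefix).
    if exe.startswith("mega"):
        return "mega client (name match)"
    return None


def scan(events):
    """Return (image, label) for every event that matches a heuristic."""
    hits = [(image, classify(image, cmd)) for image, cmd in events]
    return [(image, label) for image, label in hits if label]


if __name__ == "__main__":
    for image, label in scan(SAMPLE_EVENTS):
        print(f"{label:32} {image}")
```

Matches are leads for triage, not verdicts: backup jobs and administrators use the same tools, so findings are best correlated with the RDP logon that preceded them.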