LOADING

Type to search

BianLian Hackers Up Their Game: New Ransomware Tactics Target TeamCity Servers

Cybersecurity News

BianLian Hackers Up Their Game: New Ransomware Tactics Target TeamCity Servers

Share
BianLian Hackers Up Their Game: New Ransomware Tactics Target TeamCity Servers

The BianLian ransomware group, known for its focus on extortion, has been observed exploiting vulnerabilities in JetBrains TeamCity software to deploy malicious PowerShell backdoors. This finding highlights BianLian’s ability to adapt and adopt new techniques to infiltrate target networks.

GuidePoint Security researchers discovered a recent BianLian attack that began with exploiting a vulnerability (CVE-2024-27198 or CVE-2023-42793) in a TeamCity server. This initial breach allowed the attackers to create user accounts and execute malicious commands.

Following this initial foothold, the attackers used legitimate tools like WinPthy to execute commands and BITSAdmin to deploy a malicious PowerShell script (web.ps1) along with communication tools to connect with their command and control (C2) server.

PowerShell Backdoor Deployment

While BianLian traditionally uses custom Go-based backdoors, this instance involved a PowerShell backdoor. This backdoor, though obfuscated, was deconstructed by GuidePoint researchers. Analysis revealed functionalities similar to BianLian’s Go backdoor, including network connections, execution of commands, and asynchronous operations for stealth.

Attribution to BianLian

Researchers linked the PowerShell backdoor to BianLian by analyzing communication parameters and cross-referencing IP addresses with known BianLian infrastructure. Additionally, Microsoft’s AV signature Win64/BianDoor.D further solidified this attribution.

Importance of Proactive Security

This incident underscores the importance of prioritizing security practices like patching vulnerabilities, having a robust incident response plan, and incorporating threat intelligence into penetration testing. Implementing a proactive security posture along with effective response capabilities is crucial to defend against evolving tactics used by BianLian and other cyber adversaries.

Author

  • Maya Pillai is a tech writer with 20+ years of experience curating engaging content. She can translate complex ideas into clear, concise information for all audiences.

    View all posts
Tags:
Maya Pillai

Maya Pillai is a tech writer with 20+ years of experience curating engaging content. She can translate complex ideas into clear, concise information for all audiences.

  • 1

1 Comment

  1. Ira Rubin October 26, 2024

    Well I definitely enjoyed studying it. This subject provided by you is very helpful for proper planning.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *