BianLian

For the ancient Chinese dramatic art, see Bian Lian.

BianLian is a cybercriminal ransomware group, presumably based in Russia, which has targeted Critical National Infrastructure (CNI) in the US and private enterprises in Australia and the UK since June 2022,^[1][2][3][4] specializing since 2023 in encryption-based extortion. ^[5][3] (It had previously used the more labor-intensive double-extortion model.) Valid Remote Desktop Protocol credentials are used to gain access to systems.^[6][3] On 20 November 2024, FBI, United States’ Cyber Security and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint security advisory concerning the BianLian group.^[6][3] Such has been its noterierty that on 6 March 2025 the FBI and its Internet Crime Complaint Center (IC3) issued an advisory bulletin about unknown actors claiming to be BianLian.^[7]

See also

• Conti (ransomware)