The BianLian ransomware group has reportedly targeted MOOver, claiming access to 1.1 terabytes of the organization’s data. Despite the claim, the official website of MOOver.com remains fully accessible, raising questions about the authenticity of the cyberattack. MOOver.com, known for its user-friendly platform catering to diverse industries, faces uncertainty about the motives behind the attack, as the hackers have not disclosed specific details. BianLian, whose ransomware is written in Golang and recognized for its swift encryption, has previously targeted organizations globally, infiltrating their networks and exfiltrating data through various means.
BianLian ransomware, active since Q4, has established a reputation as one of the fastest in the market, utilizing advanced encryption techniques. In October 2023, the group added four victims to its dark web portal: Griffing & Company, P.C., Dow Golub Remels & Gilbreath, International Biomedical, and Jebsen Group. Despite the claimed attacks, the websites of these alleged victims remain operational, showing no immediate signs of compromise. In December 2022, the Australian Real Estate Group (AREG) also fell victim to BianLian, with the cybercriminals demanding a $5 million ransom and sharing compressed folders containing sensitive company data. The Cybersecurity and Infrastructure Security Agency (CISA) has warned that BianLian has been targeting critical infrastructure sectors in the U.S. since June 2022.
BianLian’s infiltration techniques involve using valid Remote Desktop Protocol (RDP) credentials to gain access to victim systems. Using open-source tools and command-line scripting, the group performs discovery and credential harvesting, and ultimately exfiltrates victim data through channels such as File Transfer Protocol (FTP), Rclone, or Mega. Despite the claims made by the ransomware group, the operational status of MOOver.com’s website adds a layer of uncertainty to the extent and impact of the reported cyberattack.
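
The RDP-then-exfiltration sequence described above can be hunted for in Windows logs. The following is an added detection sketch, not code from the article or from CISA: it flags process launches of the exfiltration tools the article names and marks those that follow an RDP logon on the same host. The log format, the sample events, the binary names and the one-hour window are all constructed assumptions; the event IDs are the standard Windows logon (4624, logon type 10 for RDP) and process-creation (4688) events.

```python
import re
from datetime import datetime, timedelta

# Assumed binary names for the exfiltration channels the article lists.
EXFIL_TOOLS = re.compile(r"^(rclone|ftp|megasync)\.exe$", re.IGNORECASE)
WINDOW = timedelta(hours=1)  # assumed correlation window

# Constructed sample events (not from a real incident): timestamp|host|event ID|detail
SAMPLE_LOG = r"""
2023-10-02T01:10:00|FS01|4624|LogonType=10 User=svc_backup Src=203.0.113.7
2023-10-02T01:25:00|FS01|4688|Image=C:\Users\Public\rclone.exe Cmd=rclone copy D:\Shares remote:bk
2023-10-02T09:00:00|WS07|4688|Image=C:\Windows\System32\ftp.exe Cmd=ftp -s:job.txt
2023-10-02T11:00:00|FS02|4624|LogonType=10 User=admin Src=198.51.100.9
2023-10-02T11:05:00|FS02|4688|Image=C:\Windows\System32\notepad.exe Cmd=notepad
2023-10-02T14:00:00|FS01|4688|Image=C:\Tools\MEGAsync.exe Cmd=MEGAsync
"""

def find_exfil_candidates(log_text, window=WINDOW):
    """Flag exfil-tool launches; mark those that follow an RDP logon on the same host."""
    last_rdp = {}   # host -> time of the most recent RemoteInteractive logon
    findings = []
    for line in log_text.strip().splitlines():
        ts, host, event_id, detail = line.split("|", 3)
        when = datetime.fromisoformat(ts)
        if event_id == "4624" and "LogonType=10" in detail:
            last_rdp[host] = when          # 4624 with logon type 10 = RDP logon
        elif event_id == "4688":           # process creation
            m = re.search(r"Image=(\S+)", detail)
            image = m.group(1).rsplit("\\", 1)[-1].lower() if m else ""
            if EXFIL_TOOLS.match(image):
                recent = host in last_rdp and when - last_rdp[host] <= window
                findings.append((host, image, "after-rdp" if recent else "tool-only"))
    return findings

if __name__ == "__main__":
    for finding in find_exfil_candidates(SAMPLE_LOG):
        print(finding)
```

Findings tagged `after-rdp` deserve priority triage; `tool-only` hits are often legitimate administration and need context such as the destination and the account involved.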