Hunting the Bian Lian Ransomware Gang

Presented at CactusCon 11 (2023), Jan. 27, 2023, 6 p.m. (60 minutes).

Bian Lian is a relatively new ransomware gang that began conducting aggressive operations in mid-2022. Uniquely the Bian Lian gang has been using custom malware written in general purpose code or golang. In this talk, we'll discuss hunting these threat actors from both an incident responder and threat analyst perspective. We'll cover the threat actor techniques and procedures and discuss some challenges in pursuing this group. We'll focus on undisclosed information from the research that the redacted team conducted before our September 2022 Bian Lian report. Additionally, newly discovered intelligence about the gang the redacted team has gathered after the report's recent release.

Presenters:

• Sean Pattee - [ redacted ]
  Redacted bio.
• Hallie Schukai - Threat Intelligence Analyst
  Hallie Schukai began her security journey at 16 years old, working in the digital identity space. Over the last 6 years, she has immersed herself in spaces like vulnerability management, third party risk, and threat intelligence. Currently working as a Threat Intelligence Analyst at [redacted], she is passionate about helping and educating others. She is to receive her graduate degree in Computer Science with a Cybersecurity focus in December 2022 from Arizona State University.

Links:

• https://cactuscon-11.sessionize.com/session/396903

Similar Presentations:

• Summercon 2023 / [REDACTED], a Presentation With an Elaborate Title
• BSidesLV 2023 / Gang Gang: Assembling and Disassembling a Ransomware Gang
• DEF CON 32 (2024) / Behind Enemy Lines: Going undercover to breach the LockBit Ransomware Operation