BianLian Hacks Top Nonprofit, Threatens Data Release
Cybercrime group BianLian claims to have infiltrated the IT infrastructure of a leading nonprofit, purporting to have seized a vast amount of files, encompassing financial, health, and medical data.
Today, both VX-Underground and Emsisoft threat analyst Brett Callow highlighted that the targeted organization described by BianLian on their site seems to be Save The Children International. This renowned NGO, established in 1919, boasts of having assisted over a billion children and employs approximately 25,000 individuals.
Describing its target as "the world's premier nonprofit," BianLian indicated that the organization operates across 116 countries, generating $2.8 billion in revenue. The cybercriminals claim to have acquired 6.8TB of data, encompassing international HR documents, personal information, and over 800GB of financial records, alongside emails and medical records.
It's assumed that BianLian will potentially leak or auction this information if their ransom demands aren't fulfilled. Save The Children has yet to comment on these claims.
While all the claims made by the culprits haven't been authenticated, the cybercriminal group deserves stringent consequences. Targeting a nonprofit, especially one dedicated to children's well-being, is a new low, even for cybercriminals. But for BianLian, such actions aren't surprising.
BianLian, active since June 2022, is notorious for its attacks on the healthcare and critical infrastructure sectors. Originally operating on a double-extortion model—encrypting systems, stealing data, and threatening leaks—by early this year, the group pivoted to pure extortion, excluding the encryption process.
Using the contemporary Go programming language, they manage to bypass specific endpoint protection tools. In May, joint alerts from US and Australian cyber agencies warned entities to exercise caution with remote desktop services to guard against BianLian's malicious tactics.
Given the group's known tactics and the recent alleged breach of Save The Children, it's a timely reminder for organizations to strengthen their remote desktop security to stave off potential attacks from BianLian.
Below is the statement released by Save the Children:
Save the Children International recently experienced an IT incident involving unauthorised access to part of our network. There has been no operational disruption and the organisation continues to function as normal to build a better future for children across the world.
We are working hard with external specialists to understand what happened and what data was impacted so we can take all the appropriate next steps. This process is complex and takes time, but remains our absolute priority. Our systems are also secured, and we are confident in the ongoing integrity of our IT infrastructure.
These types of incidents are a reality that all organisations face, but it is disappointing that Save the Children, whose core purpose is to help those most in need, is also subject to such unwarranted activity. Our investigation is ongoing, and we will continue to work with the relevant authorities. We will get to the bottom of this, and we thank all our staff and supporters for their patience and understanding in the meantime.