AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

A new phishing campaign is targeting TikTok for Business accounts using adversary-in-the-middle (AitM) techniques. The attackers employ Cloudflare Turnstile to evade detection and create convincing lookalike pages impersonating TikTok for Business or Google Careers. Victims are tricked into clicking malicious links, leading to credential theft. The campaign aims to seize control of business accounts, which can be used for malvertising and malware distribution. Multiple domains are involved in hosting the phishing pages. Additionally, a separate campaign using SVG file attachments to deliver malware has been observed in Venezuela, with potential links to BianLian ransomware activity.

Pulse ID: 69c6d346df59de3f16b61387
Pulse Link: https://otx.alienvault.com/pulse/69c6d346df59de3f16b61387
Pulse Author: AlienVault
Created: 2026-03-27 18:58:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AdversaryInTheMiddle #AitM #BianLian #Cloud #CyberSecurity #Google #InfoSec #Malvertising #Malware #OTX #OpenThreatExchange #Phishing #RAT #RansomWare #SVG #bot #AlienVault

BianLian ransomware targets companies by using fake invoice SVG image files that secretly download malware and encrypt data at high speed. A simple image can now compromise an entire network.

Read: https://hackread.com/bianlian-ransomware-fake-invoice-svg-images-attacks/

#CyberSecurity #BianLian #Ransomware #Phishing #Malware

BianLian Ransomware Spreads via Fake Invoice SVG Images in New Attacks

BianLian ransomware targets Venezuelan companies with phishing emails using malicious SVG image files to deploy fast AES ransomware attacks.

Discover the art of "Bianlian", the face-changing magic of Chengdu! With timing and mystery, the performers make it impossible to blink during their vivid shows. Don't miss this unique experience when you visit Sichuan! #Bianlian #ThànhĐô #VănHóaTrungQuốc https://ift.tt/N2kxfrj
Blink and You Miss It: Chengdu's Face-Changing Magic - Thế Giới Trong Tầm Tay

Discover the magic of bianlian – the face-changing art of Sichuan opera – vividly recreated in Chengdu's teahouses. A performance not to be missed.

Shifting the sands of RansomHub’s EDRKillShifter

ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play.

New post from #Bianlian : Meridian Senior
More at : https://www.ransomlook.io/group/Bianlian #Ransomware
bianlian details

New post from #Bianlian : Saunders And Saunders
More at : https://www.ransomlook.io/group/Bianlian #Ransomware
bianlian details

New post from #Bianlian : Cmc Technology Group
More at : https://www.ransomlook.io/group/Bianlian #Ransomware
bianlian details

New post from #Bianlian : Sonrisas Dental Health
More at : https://www.ransomlook.io/group/Bianlian #Ransomware
bianlian details

#ESETresearch discovered previously unknown links between the #RansomHub, #Medusa, #BianLian, and #Play ransomware gangs, and leveraged #EDRKillShifter to learn more about RansomHub’s affiliates. @SCrow357 https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/
RansomHub emerged in February 2024 and in just three months reached the top of the ransomware ladder, recruiting affiliates from disrupted #LockBit and #BlackCat. Since then, it has dominated the ransomware world, showing similar growth as LockBit once did.
Previously linked to North Korea-aligned group #Andariel, Play strictly denies operating as #RaaS. We found its members utilized RansomHub's EDR killer, EDRKillShifter, multiple times during their intrusions, meaning some members likely became RansomHub affiliates.
BianLian focuses on extortion-only attacks and does not publicly recruit new affiliates. Its access to EDRKillShifter suggests a similar approach to Play's – having trusted members who are not limited to working only with them.
Medusa, like RansomHub, is a typical RaaS gang, actively recruiting new affiliates. Since it is common knowledge that affiliates of such RaaS groups often work for multiple operators, this connection is to be expected.
Our blog post also emphasizes the growing threat of EDR killers. We observed an increase in the number of such tools, while the set of abused drivers remains quite small. Gangs such as RansomHub and #Embargo offer their killers as part of the affiliate program.
IoCs available on our GitHub: https://github.com/eset/malware-ioc/tree/master/ransomhub