Ransomware, Email security

Illicit SVG images harnessed by BianLian ransomware gang

HackRead reports that intrusions with fake invoice or budget SVG images have been launched by the BianLian ransomware operation against organizations across Venezuela as part of a new attack campaign.

BianLian has distributed phishing emails with SVG files with concealed XML code, which facilitates a connection with an external URL to download an illicit artifact to the targeted system upon opening, according to a WatchGuard analysis. Attacks also involved the exploitation of the ja.cat service for link shortening that enabled traffic redirection to several hacked Brazilian domains and the eventual delivery of a clandestine Go-based Windows program, which not only tracks the usage of the Wine analysis tool but also scans for GODEBUG and other internal settings, while also leveraging high-speed AES encryption.

Organizations have been urged to defend their systems by immediately blocking several suspicious domains. Such a development comes after a similar attack campaign with fraudulent judicial portals was launched against Colombia.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds