SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
Briefly

"SystemBC establishes SOCKS5 network tunnels within the victim's environment and connects to its C&C server using a custom RC4‑encrypted protocol. It can also download and execute additional malware, with payloads either written to disk or injected directly into memory."
"By tailoring their tactics against specific security vendors, The Gentlemen have demonstrated an acute awareness of their targets' environments and a willingness to engage in in-depth reconnaissance and tool modification throughout the course of their operation."
The Gentlemen ransomware group has emerged as a significant threat since July 2025, claiming over 320 victims. They utilize SystemBC malware to establish SOCKS5 network tunnels and connect to command-and-control servers. The group operates under a double-extortion model, targeting various systems and employing advanced techniques for initial access, including the abuse of Group Policy Objects. Their tactics demonstrate a deep understanding of their targets, allowing for effective reconnaissance and tool modification to evade defenses.
Read at The Hacker News