Gentlemen Ransomware Exploits Fortinet Flaws, AI, and Custom C2 Tools
ID: d1d04a4f-ce7b-5436-a58b-a567a5c87667
STIX ID: report--d1d04a4f-ce7b-5436-a58b-a567a5c87667
Feed Name: GBHackers
Leaked Rocket.Chat logs attributed to The Gentlemen ransomware group reveal continued operator reuse across major ransomware brands and show active exploitation of Fortinet edge devices (including CVE-2024-55591), widespread brute-force of ~1,000 VPNs using weak credentials, use of AI for social engineering, proprietary C2 tooling (G-BOT), advanced EDR-evasion techniques, hypervisor-level VM encryption, credential harvesting and data exfiltration to cloud storage — collectively demonstrating high-risk, ongoing ransomware operations.
