The Gentlemen Ransomware Targets Large Corporations and Critical Infrastructure Worldwide
ID: e41019d9-e6d8-5c3d-856c-8f3a5200517e
STIX ID: report--e41019d9-e6d8-5c3d-856c-8f3a5200517e
Feed Name: GBHackers
The report profiles "The Gentlemen," a technically sophisticated RaaS operation that rapidly scaled in 2026 to target large enterprises and critical infrastructure worldwide; it details their initial access methods (exposed VPNs/firewalls, credential compromise, purchased access), AD-focused reconnaissance and lateral movement (SharpADWS, GPO-based propagation, PsExec), kernel-level evasion via abused vulnerable drivers (BYOVD), custom Go and C tooling (Yamux C2, Go ransomware with modern cryptography), and observed victim sectors and geographies.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
