logo

The Gentlemen Ransomware Targets Large Corporations and Critical Infrastructure Worldwide

ID: e41019d9-e6d8-5c3d-856c-8f3a5200517e

STIX ID: report--e41019d9-e6d8-5c3d-856c-8f3a5200517e

Feed Name: GBHackers

Threat Score
85/100

Date Published: 2026-07-01

Date Updated: 2026-07-02

Author: Mayura Kathir

...
...

The report profiles "The Gentlemen," a technically sophisticated RaaS operation that rapidly scaled in 2026 to target large enterprises and critical infrastructure worldwide; it details their initial access methods (exposed VPNs/firewalls, credential compromise, purchased access), AD-focused reconnaissance and lateral movement (SharpADWS, GPO-based propagation, PsExec), kernel-level evasion via abused vulnerable drivers (BYOVD), custom Go and C tooling (Yamux C2, Go ransomware with modern cryptography), and observed victim sectors and geographies.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.