logo

The Gentlemen are knocking: сustom backdoors and evolving tactics

ID: 557cf279-ddf1-521a-b901-43c8485a7d17

STIX ID: report--557cf279-ddf1-521a-b901-43c8485a7d17

Feed Name: Securelist by Kaspersky

Threat Score
78/100

Date Published: 2026-06-29

Date Updated: 2026-07-02

Author: Fatih Şensoy, Maher Yamout

...
...

**Executive summary:** The report details 'The Gentlemen', a ransomware-as-a-service group actively targeting large organizations and critical infrastructure globally; it documents initial access methods (vulnerable internet-facing devices, leaked/default credentials, and IAB collaboration), internal reconnaissance and lateral movement tools (SharpADWS, NetScan, deploy_gpo.ps1, PsExec), security bypass techniques (BYOVD, vulnerable drivers, registry/PowerShell disables), custom Go and C ransomware/backdoor implants (including encryption schemes, parameters, and anti-sandbox password), and provides multiple indicators of compromise (binaries, driver hashes, file paths, and a backdoor C2 IP).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.