The Gentlemen ransomware group has expanded its reach to 478 victims, leveraging worm-like capabilities for rapid network propagation. Their evolution from an affiliate to an independent entity underscores the increasing sophistication of ransomware operations. Organizations must bolster their cybersecurity defenses to counter such advanced threats. #Ransomware #Cybersecurity #TheGentlemen #SystemBC #AI #CyberThreats thedailytechfeed.com/the-gen…
In the Check Point case, endpoint protection blocked the SystemBC execution — but analysis of the SystemBC C2 server (45.86.230[.]112) revealed a botnet of 1,570 active victims, predominantly corporate and organizational targets, with the United States, United Kingdom,…
Context vs Type: `91.107.247[.]163`: Cobalt Strike C2 (ports 443, 80) (vs Type IP) `45.86.230[.]112`: SystemBC C2 (1,570 victim botnet) (vs Type IP) `ThrottleBlood.sys`: BYOVD EDR killer (vs Type Driver filename)
SystemBC C2 Server Reveals 1,570 Victims in The Gentlemen Ransomware Operation dlvr.it/TSfb9Y #CyberSecurity #Ransomware #Malware #Hacking #ThreatIntelligence
Gentlemen Ransomware Expands Reach with SystemBC Botnet Targeting Corporate Networks cysecurity.news/2026/05/gent… #botnetcybersecurity #CobaltStrike #CyberSecurity
The Gentlemen RaaS rapidly scales with multi-platform encryption, using SystemBC and Cobalt Strike for lateral movement before domain-wide deployment via Group Policy. Active targeting of US 🇺🇸, UK 🇬🇧, and German 🇩🇪 enterprises. #DFIR_Radar
TRC analysis shows The Gentlemen ransomware group exploited internet-facing services and used SystemBC proxy malware for covert lateral movement across corporate networks. Their RaaS model enabled rapid expansion to 320 victims by early 2026. Runtime segmentation helps contain such post-compromise activity. #Ransomware 🔗 Full TRC analysis: aviatrix.ai/threat-research-…
SystemBC Infrastructure Breach Sheds Light on The Gentlemen Ransomware Network cysecurity.news/2026/04/syst… #BotnetActivity #CyberThreatsCommandAndControl #DataBreach
The Gentlemen RaaS operation claims 320 victims since early 2026, using Go-based cross-platform encryptors and SystemBC proxy malware. #DFIR_Radar
A ransomware C2 server getting exposed is not the security win it looks like. It's evidence the infrastructure ran long enough to compromise 1,570 machines before anyone noticed. SystemBC works by tunnelling SOCKS5 proxies through victim networks: by the time you find the C2, the lateral movement is already done. Detection-after-compromise is a losing strategy. QuanChain's LQCp/h Oracle applies the same logic to cryptographic threats: it monitors quantum capability in real-time across seven threat levels (QTL-0 through QTL-6) and triggers automatic security escalation before a threshold is breached, not after. The harder question: how many chains are waiting to discover their cryptography was compromised, the same way those 1,570 victims waited to discover their networks were?
🚨 The Gentlemen ransomware operation linked to 1,570 compromised networks SystemBC proxy malware C2 infrastructure → large-scale botnet access, lateral movement, and ransomware deployment 💡 Lesson: Modern ransomware is modular and affiliate-driven — tools like SystemBC act as silent access layers before encryption hits ⚠️ Action: Monitor for SOCKS5 tunnels, unusual PowerShell/GPO activity, and block outbound C2 traffic early before lateral movement escalates thehackernews.com/2026/04/sy…
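[Ransomware] More than 1,570 compromised companies discovered on The Gentlemen RaaS C2 server: five times the publicly disclosed victim count. Check Point reported that an affiliate associated with The Gentlemen ransomware has been deploying the proxy malware SystemBC, and that a botnet of more than 1,570 victims was discovered on its C2 server. Since emerging in July 2025, The Gentlemen has claimed more than 320 victims on its data leak site, but the actual scale of compromise has turned out to be roughly five times the disclosed figure. SystemBC establishes SOCKS5 network tunnels inside the victim environment and connects to the C2 server using a custom RC4-encrypted protocol. It can also download and execute additional malware, with payloads either written to disk or injected directly into memory. In the attack chain, after initial access, reconnaissance and lateral movement are carried out with Cobalt Strike and SystemBC, and Group Policy Objects (GPOs) are abused to compromise the entire domain. During lateral movement, the ransomware uses a PowerShell script to disable Windows Defender on each remote host, stopping real-time monitoring, setting broad exclusions, shutting down the firewall, re-enabling SMB1, and loosening LSA anonymous access controls. Check Point researchers warn: "The more than 1,570 compromised corporate networks discovered inside the operator's server have not even made the news yet. The real scale of this operation is far larger than publicly known, and it is still growing." thehackernews.com/2026/04/sy…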
🛑 A SystemBC-linked server exposed 1,570 infected systems, mostly corporate. An affiliate of The Gentlemen #ransomware used the proxy malware for covert access and staging—not all were confirmed ransomware victims. 🔗 Read → thehackernews.com/2026/04/sy…
The "SystemBC" botnet was discovered with more than 1,570 hosts. They are believed to be victims, following a Gentlemen ransomware attack. The "Gentlemen" operation (RaaS) emerged in mid-2025 and can encrypt Windows, Linux, NAS, BSD systems and ESXi hypervisors. bleepingcomputer.com/news/se…
The Gentlemen RaaS grows rapidly in 2026, targeting 320 victims with multi-OS lockers in Go & C, using SystemBC and Cobalt Strike to control a 1,570 host botnet via GPO deployment and lateral movement. #TheGentlemen #SystemBC #MalwareAnalysis ift.tt/bMJFS0a

Apr 21
Latest Check Point Research publication, sneak peek at The Gentlemen RaaS providing actionable insights for DFIR teams. DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy #TheGentlemen #DFIR #RaaS #Ransomware
Rare glimpse behind the 2nd most dangerous RaaS for 2026, publicly claiming 225 victims. CP<r> shares behind-the-scenes details that reveal the real number is potentially over 1,570 victims. research.checkpoint.com/2026…