Gentlemen ransomware operators have integrated SystemBC proxy malware into their attack arsenal, according to findings from a recent campaign investigation. The discovery revealed a botnet of over 1,570 infected hosts, primarily corporate systems.
Security researchers uncovered the connection while analyzing a Gentlemen ransomware attack attributed to a gang affiliate. SystemBC, a proxy malware used for command-and-control communications, enables attackers to mask their infrastructure and maintain persistent access to compromised networks.
The identified botnet spans more than 1,570 hosts believed to be corporate victims. This integration represents an escalation in Gentlemen's operational capabilities, allowing the group to distribute malware more effectively and coordinate multi-stage attacks.
SystemBC's role as a proxy service makes it particularly valuable for ransomware operations, as it obscures attacker infrastructure and complicates attribution efforts. The combination of Gentlemen's encryption capabilities with SystemBC's distribution network strengthens the threat actor's ability to penetrate enterprise environments and establish persistent footholds before deploying ransomware payloads.
Organizations should prioritize detection of SystemBC indicators and monitor for suspicious proxy communications within their networks.
Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.
A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.
Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.
Five malicious versions of AsyncAPI packages were published to npm, delivering a remote access trojan capable of stealing credentials and sensitive data from developer systems.