🚨 A new ransomware operation, The Gentlemen, has emerged following an affiliate split, revealing how threat actors evolve from partners into independent operators while retaining advanced tooling, infrastructure, and access pipelines.
Our latest analysis explores how this group is operationalizing large-scale attacks by combining exploited network devices, credential harvesting, and advanced defense evasion techniques.
What the blog covers:
🔹The origins of The Gentlemen and its connection to a prior affiliate dispute on the RAMP forum
🔹Systematic exploitation of CVE-2024-55591 to compromise FortiGate devices, with an observed inventory of approximately 14,700 exposed systems offered to affiliates
🔹Operational tooling for credential harvesting and lateral movement (NetExec, Impacket, DonPAPI)
🔹Defense evasion via Bring-Your-Own-Vulnerable-Driver (BYOVD) techniques to disable EDR/AV protections at kernel level
Read the full technical analysis.
#ThreatIntel #Ransomware #CyberSecurity