Researchers have uncovered a command-and-control server tied to SystemBC, a notorious proxy malware, revealing a staggering 1,570+ victims of The Gentlemen ransomware-as-a-service operation. This malware establishes SOCKS5 network tunnels, enabling threat actors to remotely access and control compromised systems. The discovery of this botnet suggests that The Gentlemen operation has been more extensive than initially thought, with SystemBC playing a crucial role in its deployment. Check Point's research sheds light on the tactics, techniques, and procedures (TTPs) employed by the threat actors, including the use of SystemBC to gain unauthorized access to victim networks [1]. The scale of this operation underscores the need for organizations to bolster their defenses against proxy malware and ransomware attacks. This matters to security practitioners because it highlights the importance of monitoring for SystemBC and other proxy malware to prevent The Gentlemen ransomware from gaining a foothold in their networks.
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
⚠️ Critical Alert
Why This Matters
Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC.
References
- The Hacker News. (2026, April 21). SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation. *The Hacker News*. https://thehackernews.com/2026/04/systembc-c2-server-reveals-1570-victims.html
Original Source
The Hacker News