216.73.216.78

Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed

· Published 09/09/2025 11:34 · Modified 09/09/2025 22:08

Export JSON

Essential information

Published
09/09/2025 11:34
Modified
09/09/2025 22:08
Tags
2025-09-09 custom tools data exfiltration defense evasion driver abuse enterprise targeting group policy manipulation lateral movement ransomware the gentlemen ransomware
Related entities
1 intrusion sets (apt), 13 techniques (mitre), 6 others

Description

group has emerged as a sophisticated threat actor targeting multiple industries across 17 countries, with a focus on the Asia-Pacific region. Their campaign demonstrates advanced capabilities, including the use of to bypass enterprise endpoint protections, exploitation of legitimate drivers, , and encrypted . The group's tactics involve thorough reconnaissance, adaptive techniques, and systematic compromise of enterprise environments. They have shown the ability to tailor their approach based on the specific security solutions encountered, highlighting a significant evolution in operations. The attackers leveraged various tools and techniques for , persistence, and deployment, including the abuse of privileged domain accounts and Group Policy Objects.

External references