SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Summary

Threat actors linked to the Gentlemen ransomware operation have been observed deploying the SystemBC proxy malware. Analysis of a SystemBC command-and-control server exposed a botnet of more than 1,570 victims. SystemBC turns each infected host into a SOCKS5 proxy, giving the operators network tunnels through compromised machines for their C2 traffic.

IFF Assessment

FOE

The discovery of a large botnet and its use in a ransomware operation indicates an increased threat and potential for further attacks against organizations.

Defender Context

This highlights the continued threat of ransomware-as-a-service operations and the use of proxy malware such as SystemBC to relay C2 traffic and potentially evade detection. Defenders should be aware that SystemBC exposes a SOCKS5 proxy on the infected host and maintains a persistent outbound connection to its C2 server, and should ensure their network monitoring can detect SOCKS5 tunneling and unexpected long-lived egress from endpoints, and that egress filtering can block it.
