The Gentlemen ransomware now uses SystemBC for bot-powered attacks

A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate.

BleepingComputer
DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
#TheGentlemen #SystemBC
https://research.checkpoint.com/2026/dfir-report-the-gentlemen/

Key Points. The Gentlemen RaaS: The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. The operators advertise their services across multiple underground forums, promoting their ransomware platform and inviting penetration testers (and other technically skilled actors) to join as affiliates. The RaaS provides affiliates with multi‑OS lockers for Windows, Linux, […]

Check Point Research

📰 Gentlemen RaaS Expands with SystemBC Botnet for Covert Attacks

Gentlemen RaaS is upgrading its toolkit, using the SystemBC botnet for covert SOCKS5 proxying. The combo enables stealthy C2 and payload delivery for attacks on Windows, Linux, and ESXi. 💣 #Ransomware #SystemBC #Gentlemen #CyberSecurity

🔗 https://cyber.netsecops.io/articles/gentlemen-raas-leverages-systembc-botnet-for-widespread-attacks/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

The Gentlemen ransomware-as-a-service (RaaS) operation has been linked to the SystemBC proxy malware botnet, enabling affiliates to conduct more stealthy and resilient attacks.

CyberNetSec.io

Gentlemen Ransomware Spreads Rapidly Through Affiliate Network

Gentlemen Ransomware is spreading rapidly through its affiliate network, fueling a surge in multi-platform attacks and infections linked to the malicious tool SystemBC. This ransomware-as-a-service operation is making it alarmingly easy for cybercriminals to join the fray and wreak havoc.

https://osintsights.com/gentlemen-ransomware-spreads-rapidly-through-affiliate-network?utm_source=mastodon&utm_medium=social

#Ransomware #GentlemenRansomware #Ransomwareasaservice #AffiliateNetwork #Systembc

Learn how Gentlemen ransomware spreads rapidly through its affiliate network and what it means for cybersecurity, read the latest infosec updates now and stay protected.

OSINTSights

Gentlemen Ransomware Gang Taps SystemBC for Botnet Attacks

Imagine your business's infrastructure being hijacked and turned into a fleet of malicious proxies - it's a harsh reality that's now hitting home for over 1,570 corporate victims who've fallen prey to the Gentlemen ransomware gang's SystemBC botnet attacks. Their compromised systems are being used to run proxy services for…

https://osintsights.com/gentlemen-ransomware-gang-taps-systembc-for-botnet-attacks?utm_source=mastodon&utm_medium=social

#GentlemenRansomware #Systembc #BotnetAttacks #RansomwareOperations #MalwareOperations

Learn how Gentlemen ransomware gang uses SystemBC for botnet attacks and defend your business from malicious proxies, discover effective security measures now.

OSINTSights
Operation Storming Tide: A massive multi-stage intrusion campaign
#Mora_001 #Matanbuchus #SystemBC
https://fortgale.com/blog/defence/operation-storming-tide/
In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabilities. The campaign, internally dubbed "FortiSync Quasar," revealed an evolution from ransomware operations to strategic espionage, deploying Matanbuchus 3.0, Astarion RAT, and SystemBC. Rapid containment prevented any data exfiltration.

Fortgale Blog
Silent Push Identifies More Than 10,000 Infected IPs as Part of SystemBC Botnet Malware Family
#SystemBC
https://www.silentpush.com/blog/systembc/
Silent Push Preemptive Cyber Defense Analysts identified more than 10,000 unique infected IP addresses associated with the SystemBC botnet.

Silent Push

SystemBC infections now exceed 10,000 IPs globally, including systems linked to government hosting.

Silent Push also uncovered a stealthy Linux-targeting Perl variant with zero AV detections.

https://www.technadu.com/systembc-infections-exceed-10000-including-systems-linked-to-government-hosting/619549/

Thoughts?
#ThreatIntel #Malware #SystemBC #Ransomware

SystemBC: Bringing the noise

Understand how the SystemBC botnet utilizes VPS networks to create powerful proxies for criminal threat groups and malicious activities.

Lumen Blog

A single infected VPS is now pumping out 16GB of proxy traffic a day—turning servers into a cybercrime highway. How is SystemBC reshaping the threat landscape? Read on to uncover the full story.

https://thedefendopsdiaries.com/systembc-malware-transforming-infected-vps-systems-into-a-proxy-highway/

#systembc
#malware
#vpssecurity
#botnet
#cybercrime
#proxy
#infosec
#threatintelligence
#cybersecurity

SystemBC Malware: Transforming Infected VPS Systems into a Proxy Highway

Discover how SystemBC malware exploits vulnerable VPS systems to create a global proxy network, fueling cybercrime and evading law enforcement.

The DefendOps Diaries