SystemBC C2 reveals 1,570+ victims in The Gentlemen operation — scale and tactics

Colleagues, please note: Check Point has uncovered a SystemBC C2 linked to the RaaS group The Gentlemen and over 1,570 compromised networks.
- SystemBC deploys SOCKS5 tunnels, communicates via RC4, and can download/execute additional payloads.
- The Gentlemen employ double-extortion, target Windows, Linux, NAS and BSD, and abuse GPOs for domain propagation.
- Attacks include Defender disablement via PowerShell, privilege escalation, and use of Cobalt Strike; an ESXi variant terminates VMs and establishes persistence.
Why it matters: this is a large-scale operation requiring tightened perimeter defenses and enhanced monitoring.
What initial steps would you recommend?
#cybersecurity #ransomware #infosec #threatintelligence

