In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that pose a high risk.
Therefore, to prevent your company from falling prey to opportunists looking for such low-hanging companies to attack, Group-IB’s Threat Intelligence Team decided to write a very straightforward report on TTPs of The Gentlemen; whose TTPs overlap with techniques of other financially motivated threat actors conducting intrusions for extortion. The information shared in this blog comes from intrusion analysis and underground private sources monitored by Group-IB’s Threat Intelligence Team. Thus, the information has a high confidence level.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack
July 26, 2025
U.S. insurance giant Allianz Life has confirmed to TechCrunch that hackers stole the personal information of the “majority” of its customers, financial professionals, and employees during a mid-July data breach. When reached by TechCrunch, Allianz Life spokesperson Brett Weinberg confirmed the breach. “On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based ...
- Dating safety app Tea breached, exposing 72,000 user images
July 26, 2025
Tea, an app that allows women to post anonymous comments about men they’ve supposedly dated, announced Friday that it has suffered a data breach, with hackers gaining access to 72,000 images. That number includes 13,000 selfies and photo IDs submitted for account verification, as well as 59,000 images from posts, comments, and direct messages, the company ...
- Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful
July 25, 2025
Unit 42 has tracked and responded to several waves of intrusion operations conducted by the cybercrime group we track as Muddled Libra (aka Scattered Spider, UNC3944) across different sectors in recent months. This article contains observations on Muddled Libra thus far in 2025 based on Unit 42 incident response insights. Unit 42 researchers share defensive recommendations ...
- ToolShell: a story of five vulnerabilities in Microsoft SharePoint
July 25, 2025
On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were performed using an exploit chain of two vulnerabilities: CVE-2025-49704 and CVE-2025-49706, publicly named “ToolShell”. Additionally, ...
- Mitel Releases Security Advisories for MiVoice MX-One and MiCollab
July 24, 2025
Mitel has released security advisories to address vulnerabilities in Mitel MiVoice MX-ONE and MiCollab, which are cloud-based platforms that help manage business communications. The critical vulnerability, which has no CVE identifier at the time of publishing this Cyber Alert, affects Mitel MiVoice MX-One and is an authentication bypass vulnerability with a CVSSv3 score of 9.4. Successful ...
- Disrupting active exploitation of on-premises SharePoint vulnerabilities
July 23, 2025
Expanded analysis and threat intelligence from Microsoft continued monitoring of exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware. Based on new information, we have updated the Attribution, Indicators of compromise, extended and clarified Mitigation and protection guidance (including raising Step 6: Restart IIS for emphasis), Detections, and Hunting sections. Read more… Source: Microsoft Sign up for ...