An Overview of The Gentlemen's TTPs
Essential information
- Published: 20/03/2026 09:24
- Modified: 20/03/2026 08:46
- Source / Author: AlienVault
- Confidence: 100/100
- Report type(s): threat-report
- Labels / Tags: babuk, babyk, credential-theft, cve-2023-27532, cve-2024-37085, cve-2024-55591, cve-2025-32463, data-exfiltration, defense-evasion, exploit, fortios, lateral-movement, lockbit 5.0, medusa, qilin, raas, ransomware, the gentlemen, vasa locker
- Tags: 2026-03-20, CVE-2023-27532, CVE-2024-37085, CVE-2024-55591, CVE-2025-32463, babuk, babyk, credential-theft, data exfiltration, defense evasion, exploit, fortios, lateral movement, lockbit 5.0, medusa, qilin, raas, ransomware, the gentlemen, vasa locker
- Related entities: 4 vulnerabilities (cve), 4 indicators, 4 observables, 1 intrusion set (apt), 11 techniques (mitre), 7 malware
Description
This intelligence report provides a comprehensive analysis of The Gentlemen, a ransomware group known for its sophisticated tactics, techniques, and procedures (TTPs). The group exploits vulnerabilities in FortiOS/FortiProxy, maintains a database of compromised devices, and employs advanced defense evasion techniques. Their initial access methods include exploiting public-facing applications and brute-force attacks. The Gentlemen utilize various execution, persistence, and privilege escalation techniques, while also focusing on credential access and lateral movement. The group's impact includes data encryption and inhibiting system recovery. The report highlights the group's ongoing efforts to improve their ransomware capabilities by reverse-engineering other malware samples.