u/Malwarebeasts

A leak from "The Gentlemen" ransomware group confirms Infostealers were often used to establish initial access
▲ 24 r/blackhat+2 crossposts

A recent internal data leak from “The Gentlemen” ransomware-as-a-service (RaaS) group has provided the cybersecurity community with a rare, unfiltered look into their daily operations. Exposed on underground forums, the internal communications shed light on exactly how ransomware affiliates organize, breach, and extort global organizations.

But among the many technical details revealed in Check Point Research’s comprehensive analysis (“Thus Spoke… The Gentlemen”), one operational pattern stands out prominently: their heavy reliance on infostealer credential logs for initial access.

infostealers.com
u/Malwarebeasts — 9 days ago
▲ 8 r/blackhat+2 crossposts

Ransomware.live launches a public dashboard that quantifies exactly how many victims of specific ransomware groups had prior Infostealer infections (Lumma, Redline, etc.) on their networks before the breach. Just recently, Coinbase Cartel, one of the most active ransomware groups, was discovered to be using Infostealers as their initial access vector to hack 100+ companies.

u/Malwarebeasts — 16 days ago