
Gentlemen Ransomware
Gentlemen ransomware uses credential abuse, defense evasion, and double extortion tactics to compromise enterprise environments and increase pressure on victims.

QuimaRAT is a newly identified Java-based Remote Access Trojan (RAT) that is being marketed under a Malware-as-a-Service (MaaS) model, and providing threat actors with a cross-platform remote access framework capable of targeting Windows, Linux, and macOS systems. As opposed to many traditional RATs that focus on a single operating system, QuimaRAT was designed from the outset to support multiple platforms through a modular architecture that allows operators to dynamically expand functionality using encrypted plugins delivered from its command and control infrastructure. Researchers observed that the malware suite includes not only the RAT itself, but also a dedicated builder, loader, and dropper capable of generating numerous payload formats to support a wide variety of delivery methods. It is worthy to note that QuimaRAT lowers the barrier to entry for cybercriminals by offering subscription-based access, allowing less sophisticated operators to leverage advanced remote access capabilities without developing their own malware.

Gentlemen ransomware uses credential abuse, defense evasion, and double extortion tactics to compromise enterprise environments and increase pressure on victims.

TeamPCP is exploiting trusted npm and PyPI packages to compromise developer environments, steal credentials, and extend attacks across software supply chains.

An Iranian aligned threat group conducting destructive and espionage focused cyber operations against organizations in Israel and Western countries.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.