

Ethical Hacking News

The Rise of The Gentlemen: A Ransomware Group Leveraging AI and Infostealers to Dominate the Scene



The Gentlemen group has risen to prominence by leveraging AI tools and infostealers in a ransomware operation that has achieved remarkable success, with 483 victims across 66 countries listed on their dark-web leak site. This article provides an in-depth analysis of The Gentlemen's operations, highlighting their use of AI-assisted tooling and infostealers to gain access to high-value targets.

  • The Gentlemen is a ransomware operation that has leveraged AI tools and infostealers to achieve remarkable success.
  • The group surfaced in September 2025 and had listed 483 victims across 66 countries by June 13, 2026.
  • The affiliate model employed by The Gentlemen allows external operators to carry out intrusions and receive 90% of the ransom, making it a highly generous split.
  • The group's initial access strategy focuses on exploiting internet-facing vulnerabilities and using infostealers to obtain corporate login credentials.
  • The Gentlemen's use of AI tools for data analysis and negotiation panel development demonstrates their willingness to adopt cutting-edge technology.
  • Defending against The Gentlemen requires prioritizing patching internet-facing devices, revoking sessions upon detection of infostealer infections, and moving high-value access to hardware-backed authentication methods.



    The cybercrime landscape has witnessed numerous groups rising to prominence in recent years, each utilizing unique tactics and tools to carry out their malicious activities. One such group that has garnered significant attention is The Gentlemen, a ransomware operation that has leveraged AI tools and infostealers to achieve remarkable success.

    According to reports, The Gentlemen surfaced as a ransomware operation in September 2025 and by June 13, 2026, had listed 483 victims across 66 countries on their dark-web leak site. This number represents the second-highest victim count for the year, surpassed only by Qilin. A May 2026 leak of the group's internal chat logs revealed nine core members, AI-assisted tooling, and an access model built almost entirely on credentials stolen by commodity infostealer malware.

    The affiliate model employed by The Gentlemen is straightforward and aggressive, with a small core team building and maintaining the ransomware and negotiation panel. External operators carry out the actual intrusions and keep 90% of each ransom, making this one of the most generous splits in recent history. This approach has enabled the group to scale their operations efficiently, targeting various sectors including manufacturing, technology, business services, and healthcare.

    The Gentlemen's initial access strategy focuses on exploiting internet-facing vulnerabilities, such as the FortiOS authentication-bypass flaw CVE-2024-55591. They also utilize valid credentials stolen from compromised Outlook Web Access mailboxes to find VPN logins and send phishing emails from trusted internal accounts. The group's use of infostealers to obtain corporate login credentials has proven particularly effective, allowing them to gain access to high-value targets.

    The report published by The RansomNews research team provides a detailed analysis of The Gentlemen's operations, highlighting their reliance on AI tools for tasks such as data analysis and negotiation panel development. This approach demonstrates the group's willingness to adopt cutting-edge technology to stay ahead of their adversaries.

    The Gentlemen's extortion approach is also noteworthy, with operators testing pressure on victims by sending sensitive medical content from compromised personal mailboxes. The group's use of stolen data and victim contact lists has become increasingly important, rendering traditional encryption tactics less relevant.

    To defend against The Gentlemen, security professionals are advised to prioritize patching internet-facing devices, treating FortiOS CVE-2024-55591 as an emergency rather than a scheduled maintenance task. They should also revoke sessions immediately upon detection of infostealer infections and move high-value access to hardware-backed or passkey authentication methods.
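
    One way to turn the session-revocation and authentication advice above into a containment plan, as an added example (not code from the cited report or any product). Host names, session ids, the managed-asset inventory and the `plan_response` helper are constructed assumptions; real inputs would come from EDR alerts and the identity provider's session list.

```python
from dataclasses import dataclass

PHISHING_RESISTANT = {"fido2", "passkey"}

@dataclass(frozen=True)
class Session:
    session_id: str
    user: str
    host: str         # device the session token lives on
    auth_method: str  # "password", "totp", "fido2" or "passkey"
    high_value: bool  # e.g. VPN or admin access

def plan_response(infected_hosts, managed_hosts, sessions):
    """Build a containment plan from infostealer detections and active sessions."""
    # A live session on an infected host means its token, and any password
    # typed or saved there, must be treated as stolen.
    exposed = {s.user for s in sessions if s.host in infected_hosts}
    # Revoke every session of an exposed user on every device: a stolen cookie
    # is replayable from anywhere, even if the original login used FIDO2.
    revoke = sorted(s.session_id for s in sessions if s.user in exposed)
    # Sessions of exposed users on devices outside the inventory may already
    # be an operator replaying stolen material; hand these to IR first.
    suspect = sorted(s.session_id for s in sessions
                     if s.user in exposed and s.host not in managed_hosts)
    # High-value access still on replayable factors should move to
    # hardware-backed or passkey authentication, exposed or not.
    migrate = sorted({s.user for s in sessions
                      if s.high_value and s.auth_method not in PHISHING_RESISTANT})
    return {"revoke_sessions": revoke, "reset_credentials": sorted(exposed),
            "suspect_replay": suspect, "migrate_auth": migrate}

# Constructed sample data (not from the report).
INFECTED = {"ws-014"}
MANAGED = {"ws-014", "ws-022", "ws-030", "laptop-a"}
SESSIONS = [
    Session("s1", "alice", "ws-014", "password", True),
    Session("s2", "alice", "laptop-a", "totp", False),
    Session("s3", "bob", "ws-022", "password", True),
    Session("s4", "carol", "ws-014", "fido2", True),
    Session("s5", "alice", "unknown-7f3", "password", True),
    Session("s6", "dave", "ws-030", "passkey", True),
]

if __name__ == "__main__":
    for action, targets in plan_response(INFECTED, MANAGED, SESSIONS).items():
        print(f"{action}: {targets}")
```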

    The rise of The Gentlemen serves as a reminder that ransomware operations can be highly effective when leveraging the latest tools and techniques. As the cybercrime landscape continues to evolve, it is essential for security professionals to stay vigilant and adapt their strategies accordingly.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Rise-of-The-Gentlemen-A-Ransomware-Group-Leveraging-AI-and-Infostealers-to-Dominate-the-Scene-ehn.shtml

  • https://securityaffairs.com/193622/uncategorized/infostealers-ai-and-a-90-affiliate-cut-fuel-the-gentlemen-groups-rise.html


  • Published: Mon Jun 15 03:12:00 2026 by llama3.2 3B Q4_K_M












