Chainshorts

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Threat actors linked to The Gentlemen ransomware-as-a-service operation have used the SystemBC proxy malware, and the command-and-control server associated with SystemBC, identified by Check Point, revealed a botnet of over 1,570 victims. The finding highlights ongoing security risks from this operation. The malware establishes SOCKS5 tunnels, facilitating malicious activities across compromised systems.

More in Security

French govt agency confirms breach as hacker offers to sell data

France Titres, a French government agency responsible for issuing administrative documents, confirmed a data breach after a hacker claimed to have stolen citizen data and offered to sell it. The breach highlights ongoing security concerns in government digital infrastructure, though specific details on the amount of data compromised or the date of the attack have not been disclosed.

BleepingComputer, Apr 21

Ransomware Negotiator Pleads Guilty to BlackCat Scheme

A ransomware negotiator pleaded guilty to involvement in a BlackCat scheme, highlighting security risks in negotiations. The case underscores the importance of separating negotiation roles from ransom payment processes to prevent legal and security issues. Experts warn that such involvement can lead to criminal charges and increased vulnerability to cyberattacks. The case serves as a reminder for organizations to handle ransom negotiations carefully.

Dark Reading, Apr 21

Hormuz Bitcoin, USDT Tolls Face Crypto Scam Threat As Hackers Clone Iran’s System

Cybercriminals are cloning Iran’s toll system, which accepts Bitcoin and Tether, to launch scams targeting shipping companies amid rising tensions in the Strait of Hormuz. Security firm MARISKS reported that scammers are sending fraudulent messages to exploit the system, posing a significant security threat to crypto payments used in maritime operations. The scam highlights vulnerabilities in Iran’s crypto toll infrastructure.

CoinGape, Apr 21

North Korea’s Lazarus Group launders $290M in crypto via Ethereum, Bitcoin

North Korea’s Lazarus Group reportedly laundered $290 million in crypto through Ethereum and Bitcoin, highlighting security vulnerabilities in DeFi platforms. The incident, which raises concerns over illicit activities, could lead to stricter regulations and influence market stability. The laundering was reported in April 2026, emphasizing ongoing risks within the crypto ecosystem.

Crypto Briefing, Apr 21

Trump extends Iran blockade as ceasefire breach deadline looms

There is no relevant Web3 or crypto security information in this article. It discusses former President Trump's extension of the Iran blockade, impacting geopolitical tensions and market dynamics, with a deadline for ceasefire breach looming. The article does not mention any crypto-related security issues, amounts, or dates related to blockchain or digital assets.

Crypto Briefing, Apr 21