Threats Tagged 'lateral-movement'
View all threats tagged with 'lateral-movement'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'lateral-movement'
Click on any threat for detailed analysis and mitigation recommendations
The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy 0 The Gentlemen ransomware-as-a-service program has rapidly expanded since mid-2025, claiming over 320 victims with 240 attacks occurring in early 2026. The service provides multi-platform lockers for Windows, Linux, NAS, BSD, and ESXi, enabling comprehensive coverage of corporate environments. During an incident response engagement, an affiliate deployed SystemBC proxy malware for covert tunneling and payload delivery. Analysis of the SystemBC command-and-control server revealed a botnet of over 1,570 victims, primarily corporate and organizational targets. The intrusion progressed from domain controller compromise through credential validation, remote execution via administrative shares, and deployment of Cobalt Strike payloads. Attackers disabled defenses, established persistence through scheduled tasks and services, and ultimately deployed ransomware via Group Policy. The operation demonstrates sophisticated lateral movement capabilities, defense evasion techniques, and integration of mature post-exploit... Join the discussion | AlienVault OTX General | 04/20/2026, 15:00:35 UTC Added: 04/20/2026, 16:31:09 UTC |
Beast Ransomware Toolkit: A Proactive Threat Intelligence Report 0 This analysis delves into the Beast ransomware, a Ransomware-as-a-Service (RaaS) that emerged in June 2024 as a successor to Monster ransomware. The investigation focuses on a Beast ransomware server detected in March 2026, revealing the operators' toolkit and attack methodology. The toolkit includes various tools for reconnaissance, network mapping, credential theft, persistence, lateral movement, exfiltration, and impact. Notable findings include the presence of both Windows and Linux versions of Beast ransomware, indicating targeting of workstations and Linux servers on VMware ESXi hypervisors. The report highlights the importance of proactive collection of internet telemetry in identifying ransomware operators' toolkits before they can be used against targets. Join the discussion | AlienVault OTX General | 03/20/2026, 08:12:00 UTC Added: 03/20/2026, 08:23:29 UTC |
Showing 1 to 2 of 2 results