Gbhackers
The Gentlemen Ransomware Group Exploits Fortinet Flaws and AI Tools
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The Gentlemen ransomware group has emerged as a significant threat in 2026, exploiting vulnerabilities in Fortinet systems, particularly CVE-2024-55591, an authentication bypass flaw. They have been observed using brute-force attacks on approximately 1,000 Fortinet VPN instances, often leveraging weak credentials. The group utilizes a custom command-and-control framework called G-BOT, replacing traditional tools like Cobalt Strike. AI tools, including ChatGPT, are employed for social engineering and automating victim communications. The group has a shared infrastructure with other ransomware brands, indicating a trend of rebranding among cybercriminals. Their operations have been linked to a threat actor known as 'Tinker,' who has appeared in previous ransomware campaigns. The current status of their activities suggests ongoing exploitation and a high level of sophistication in their operations.
Key Points: • The Gentlemen ransomware group exploits Fortinet vulnerabilities, notably CVE-2024-55591. • They utilize brute-force attacks on around 1,000 Fortinet VPN instances with weak credentials. • AI tools are integrated into their operations for phishing and victim communication.