The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

The Gentlemen RaaS and SystemBC Activity Observed in Enterprise Intrusions

Apr 27, 2026 2:06:10 PM / by The Hivemind posted in Threat Bulletin, Ransomware, RaaS, Cobalt Strike, SystemBC, lateral movement, enterprise compromise, GPO abuse, proxy malware

Verticals Targeted: Enterprise Networks
Regions Targeted: US, UK, Germany
Related Families: SystemBC, Cobalt Strike

Executive Summary

The Gentlemen ransomware-as-a-service (RaaS) operation has rapidly scaled in early 2026, leveraging multi-platform encryption capabilities and enterprise-focused intrusion techniques. Recent DFIR analysis shows affiliates using tools such as SystemBC and Cobalt Strike to establish covert access, pivot laterally, and deploy ransomware at scale via Group Policy, enabling rapid domain-wide encryption events. The Gentlemen has been observed targeting enterprise networks primarily in the US, UK, and Germany.

ZionSiphon: OT-Focused Malware Highlights Emerging Risk to Water Infrastructure Systems

Apr 24, 2026 3:01:13 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Cobalt Strike, SystemBC, Emerging Threat, lateral movement, post-exploitation, enterprise compromise, GPO abuse, proxy malware, credential access, TheGentlemen

Verticals Targeted: Water, Critical Infrastructure
Regions Targeted: Israel

Executive Summary

ZionSiphon is an OT-focused malware sample designed to identify and interact with water treatment and desalination environments. It was used to target water treatment systems in Israel. Although the analyzed version appears partially non-functional, it demonstrates ICS-aware targeting, industrial protocol interaction, and politically motivated intent. The sample provides insight into evolving adversary interest in manipulating systems that underpin critical infrastructure operations.

SystemBC Now Targeting Linux

Feb 18, 2025 2:05:57 PM / by The Hivemind posted in Threat Bulletin, Linux, RAT, SystemBC, Evolving Threat

Related Families: RIG, Fallout EK

Executive Summary

SystemBC, a RAT that previously targeted only Windows systems, was recently observed targeting Linux.

Read More

DroxiDat Targets African Power Company

Aug 18, 2023 2:54:28 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Energy, DroxiDat, Pistachio Tempest, SystemBC, Fin12

Related Families: SystemBC
Verticals Targeted: Energy

Executive Summary

An African energy sector entity was recently targeted using DroxiDat, a variant of SystemBC.
