// #lateral-movement
3 articles
Gentlemen Ransomware Worm: Using Network Segmentation to Contain Propagation Before Detection
The confirmed worm capability in the Gentlemen ransomware payload — propagating via SMB exploitation and credential reuse — changes the containment calculus for enterprise incident response. Effective network segmentation stops worm propagation at VLAN boundaries. This guide maps the segmentation controls that constrain Gentlemen's lateral movement.
Gentlemen Ransomware Claims 478 Victims in 66 Countries as Worm-Like Lateral Movement Capability Confirmed
New analysis of the Gentlemen ransomware operation reveals the group has compromised 478 organisations across 66 countries, significantly exceeding initial healthcare-focused estimates. Researchers have confirmed the ransomware includes a worm module that leverages SMB vulnerabilities and credential reuse to spread autonomously across enterprise networks without human operator intervention.
MuddyWater Spent a Week Undetected Inside South Korean Electronics Giant's Network — Nine Organisations Compromised
Iranian state-sponsored threat group MuddyWater (Seedworm) conducted a sustained intrusion campaign against a major South Korean electronics manufacturer, maintaining persistence for over a week before detection. Nine connected organisations were compromised through the electronics firm's supplier and partner network. Lateral movement used living-off-the-land techniques to evade endpoint detection.