The Gentlemen ransomware group is distributing a standardized suite of EDR-killing tools to affiliates, centered on GentleKiller and supported by leaked or third-party utilities such as HexKiller, ThrottleBlood, and HavocKiller. ESET also found that the group rapidly weaponizes new BYOVD (bring your own vulnerable driver) PoCs and that a Rust-based credential stealer, OxideHarvest, has been used alongside attacks affecting organizations across multiple regions.
Key points
- The Gentlemen RaaS offers affiliates a ready-made EDR-killer suite.
- GentleKiller has eight variants and targets dozens of security products.
- The group adapts new BYOVD exploits soon after public disclosure.
- Third-party tools include HexKiller, ThrottleBlood, and HavocKiller.
- OxideHarvest steals browser data, while CERT/CC warned of Secure Boot bypass risks.
Read More: https://thehackernews.com/2026/06/the-gentlemen-raas-uses-gentlekiller.html