The leaked internal chats of The Gentlemen RaaS group reveal that the gang heavily depends on infostealer credential logs and tools like Snusbase to gain initial access to corporate networks. Check Point Research and Hudson Rock show that this credential-driven approach is now a major trend, with groups like the Coinbase Cartel and malware families such as RedLine, Lumma, and Vidar enabling silent intrusions. #TheGentlemen #Snusbase #CheckpointResearch #CoinbaseCartel #RedLine #Lumma #Vidar
Key points
- The Gentlemen's leaked chats exposed their daily ransomware operations.
- The group frequently uses infostealer credential logs for initial access.
- Operators search Snusbase and similar tools for compromised employee logins.
- Check Point Research found dedicated roles for handling credential logs.
- The Coinbase Cartel shows how stolen credentials can replace encryptors entirely.