Check Point Research
Organisation · IL

Check Point's threat-research division; gained C2 visibility into The Gentlemen's 1,570+ victim network.

Last refreshed: 8 May 2026 · Appears in 1 active topic

Key Question

Did Check Point Research notify the 1,570 Gentlemen ransomware victims it identified?

Timeline for Check Point Research

#319 Apr

Gained visibility on 1,570 Gentlemen ransomware victims via a compromised SystemBC C2 server

Cybersecurity: Threats and Defences: KB5091157, Gentlemen C2 intel, ENISA CNAs: in brief
Common Questions
How did Check Point Research access The Gentlemen's victim list?
Check Point Research identified and monitored a SystemBC command-and-control server used by The Gentlemen ransomware group, gaining visibility into 1,570 confirmed victims. C2 monitoring exploits misconfigured or exposed infrastructure to obtain intelligence. Source: Check Point Research
What is Check Point Research and what do they publish?
Check Point Research is the threat-intelligence division of Check Point Software Technologies. It publishes the monthly Global Threat Index, major malware discoveries, and APT research. It reported on The Gentlemen ransomware's 1,570+ victim network in May 2026.
What is SystemBC malware and how does The Gentlemen use it?
SystemBC is a proxy malware and C2 framework used by ransomware operators to maintain persistent, encrypted command channels. The Gentlemen ransomware group deployed SystemBC as their C2 infrastructure; Check Point Research identified and monitored a SystemBC server, revealing 1,570+ confirmed victims. Source: Check Point Research
How does Check Point Research compare to Mandiant or CrowdStrike for threat intelligence?
Check Point Research focuses on vulnerability discovery and malware analysis, publishing the monthly Global Threat Index. Mandiant (now Google Threat Intelligence Group) specialises in nation-state attribution and Incident Response. CrowdStrike OverWatch focuses on endpoint-based adversary tracking. All three contribute to public threat intelligence but with different methodological emphases.

Background

Check Point Research is the threat-intelligence and vulnerability research division of Check Point Software Technologies, one of the oldest publicly traded cybersecurity companies. In May 2026, Check Point Research identified and monitored a SystemBC command-and-control server operated by The Gentlemen RaaS, gaining visibility into at least 1,570 confirmed victims across the group's global operations. This single research action provided the most comprehensive public picture of The Gentlemen's reach to date.

Check Point Research publishes monthly and annual threat intelligence reports, including the widely cited Global Threat Index. Its research has led to the discovery of major malware families and state-sponsored toolkits. The division operates autonomously from Check Point's commercial product teams and publishes findings through its own blog, conference papers, and coordinated disclosures with government agencies.

The C2 monitoring technique — identifying and gaining access to a threat actor's command infrastructure — is a high-value intelligence collection method that can reveal victim lists, operational schedules, and malware configurations. That Check Point Research was able to do this against an active top-2 ransomware operation suggests either a misconfigured C2 or a deliberate law-enforcement cooperation effort, though neither was confirmed at the time of publication.
