The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
https://thehackernews.com/2026/06/the-gentlemen-raas-uses-gentlekiller.html
Publish Date: 2026-06-19 14:33:00
Source Domain: thehackernews.com
Summary
The article covers the ransomware-as-a-service (RaaS) operation known as The Gentlemen, which develops and maintains a suite of endpoint detection and response (EDR) disabling tools referred to as GentleKiller. These tools are delivered to affiliates to neutralize security defenses before ransomware deployment. ESET notes that The Gentlemen integrates third-party or leaked tools like HexKiller, ThrottleBlood, and HavocKiller into this framework to evade detection. ESET describes The Gentlemen as one of the most technically agile ransomware groups, quickly operationalizing newly disclosed proof-of-concept attacks, especially bring your own vulnerable driver (BYOVD) exploits. Although it emerged only in 2025, the group has targeted over 500 victims across many regions, including Southeast Asia, South America, and Western Europe. The leader of the operation has been identified as a Russian national named Alexander Andreevich Yapaev.
Key Points:
- The Gentlemen has quickly become one of the most active RaaS groups by developing centralized EDR killers.
- The EDR-killing framework, known as GentleKiller, includes various customized tools impersonating major security vendors.
- Third-party or leaked tools like HexKiller and ThrottleBlood are also incorporated into its attack mechanism.
- The group rapidly adopts new BYOVD exploits, increasing its operational agility.
- The sophistication of The Gentlemen’s operations has lowered the entry barrier for affiliates, making it a popular choice.