Threat Analysis: The Gentlemen Ransomware and Supply Chain Poisoning, What UK SMBs Need to Know
Hello, Mauven here.
This is your Daily Threat Analysis for 13th May 2026.
Two stories today. Both matter to UK SMBs. One is a ransomware group you may not have heard of yet but will. The other is a supply chain problem that is already inside the tools your IT provider uses, and they may not know it either.
The Gentlemen: A Ransomware Group That Is Moving Fast
The Gentlemen ransomware operation emerged publicly in the second half of 2025. By the standards of these groups, it has escalated quickly. AlienVault OTX is tracking it with 70 indicators across two overlapping pulses, and The DFIR Report published a detailed intrusion timeline yesterday based on an April 2026 incident.
Here is what the intrusion looked like. Threat actors delivered EtherRAT through a malicious MSI installer disguised as a Sysinternals tool, the kind of legitimate Windows administration utility that IT teams use routinely. Once inside, the malware used a technique called EtherHiding: it pulls its command-and-control configuration from the Ethereum blockchain rather than a traditional domain or IP address.
This is worth pausing on. Most network-level defences, DNS filtering, firewall blocklists, threat intel feeds, work by blocking known bad domains or IPs. EtherHiding sidesteps all of that. The C2 infrastructure is effectively hosted on a public blockchain that you cannot block without also blocking legitimate Ethereum traffic. Defenders need to look for the behaviour, not the destination.
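The behaviour-not-destination point can be turned into a concrete triage rule. The script below is an added example, not code from The DFIR Report or any of the sources cited: it assumes an EDR or proxy export in which each event records the originating process, its path, its parent process, the destination host and the HTTP request body, so that Ethereum JSON-RPC calls can be attributed to a process. The allow-listed browser processes, the path and installer heuristics, and the sample events are all constructed for the example; the hosts are placeholders, not real infrastructure.

```python
"""Flag EtherHiding-style C2 lookups by process behaviour, not destination.

Added example, not code from The DFIR Report. It assumes an EDR or proxy
export where each event records the originating process, its path, its
parent process, the destination host and the HTTP request body, so that
Ethereum JSON-RPC calls can be attributed to a process. Process allow-lists,
path heuristics and the sample events are constructed for the example.
"""
import json

# JSON-RPC methods that read state from the chain. Fetching a C2 config that
# was planted in a smart contract is a read, typically eth_call.
CHAIN_READ_METHODS = {"eth_call", "eth_getStorageAt", "eth_getLogs", "eth_getCode"}

# Processes on a workstation for which Ethereum RPC traffic is plausible (assumed).
EXPECTED_RPC_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}

# A freshly installed "tool" talking to the chain matches the malicious MSI
# pattern described in the report (assumed heuristic).
INSTALLER_PARENTS = {"msiexec.exe"}


def rpc_methods(body):
    """Return JSON-RPC method names in a request body; batches are lists."""
    try:
        doc = json.loads(body or "")
    except (json.JSONDecodeError, TypeError):
        return []
    calls = doc if isinstance(doc, list) else [doc]
    return [c.get("method") for c in calls
            if isinstance(c, dict) and c.get("jsonrpc") == "2.0"]


def assess(event):
    """Return a finding dict for a suspicious chain read, else None."""
    reads = [m for m in rpc_methods(event.get("body")) if m in CHAIN_READ_METHODS]
    if not reads:
        return None
    proc = event.get("process", "").lower()
    if proc in EXPECTED_RPC_PROCESSES:
        return None  # a browser reading the chain is expected behaviour
    reasons = [f"{proc} issued {', '.join(sorted(set(reads)))} to {event.get('dst_host')}"]
    severity = "medium"
    path = event.get("path", "").lower()
    if "\\appdata\\local\\temp\\" in path or "\\downloads\\" in path:
        reasons.append("binary runs from a user-writable location")
        severity = "high"
    if event.get("parent", "").lower() in INSTALLER_PARENTS:
        reasons.append("spawned by an installer")
        severity = "high"
    return {"process": proc, "severity": severity, "reasons": reasons}


def triage(events):
    """Run assess() over an event list and keep only the findings."""
    return [f for f in (assess(e) for e in events) if f]


# Constructed sample events; hosts are placeholders, not real infrastructure.
SAMPLE_EVENTS = [
    {"process": "chrome.exe", "path": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": "explorer.exe", "dst_host": "rpc.example-gateway.invalid",
     "body": '{"jsonrpc":"2.0","id":1,"method":"eth_call","params":[{"to":"0x00"},"latest"]}'},
    {"process": "ProcExp64.exe", "path": r"C:\Users\alice\AppData\Local\Temp\ProcExp64.exe",
     "parent": "msiexec.exe", "dst_host": "rpc.example-gateway.invalid",
     "body": '[{"jsonrpc":"2.0","id":1,"method":"eth_call","params":[{"to":"0x00","data":"0x"},"latest"]}]'},
    {"process": "node.exe", "path": r"C:\Program Files\nodejs\node.exe",
     "parent": "cmd.exe", "dst_host": "rpc.example-gateway.invalid",
     "body": '{"jsonrpc":"2.0","id":7,"method":"eth_blockNumber","params":[]}'},
    {"process": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe",
     "parent": "services.exe", "dst_host": "update.example.invalid", "body": ""},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["severity"].upper(), finding["process"], "|", "; ".join(finding["reasons"]))
```

The design choice is that the destination host never appears in the decision: the rule keys on which process makes a chain read and where that process came from, which is exactly what a blocklist cannot see.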
Following the initial compromise, actors deployed a second malware framework called TukTuk, using DLL sideloading through legitimate applications. They then conducted Kerberoasting and lateral movement using tools including Mimikatz and NetExec before deploying ransomware.
Reporting links the group to the Qilin ransomware ecosystem and to a Russian-speaking affiliate known as ‘hastalamuerte.’ The DFIR Report also notes the use of SystemBC, a proxy malware that has appeared consistently in Qilin-affiliated campaigns. This is not a new operation running new techniques. This is existing ransomware affiliate infrastructure rebranded and scaling up.
The advisory does not name UK targets. What it also does not say, but what the history of prior campaigns shows, is that Qilin-affiliated campaigns have been observed targeting professional services, legal, and healthcare sectors, all areas with significant UK SMB exposure. That is an inference from the pattern of prior campaigns, and I will be clear that it is inference. But the sector targeting history is documented.
What this means operationally for UK SMBs:
- Sysinternals tools delivered outside official Microsoft channels should be treated as suspect. If your IT provider or MSP pushes utilities to your endpoints, ask where they come from and whether they are verified.
- Endpoint detection needs to be configured to flag DLL sideloading behaviour and unexpected blockchain traffic, not just known-bad signatures.
- If you are running Active Directory, Kerberoasting is a well-understood attack. Service accounts with excessive privileges and weak passwords are the entry point. This has been covered in NCSC guidance. The fact that Kerberoasting still features in active intrusions tells you how far implementation lags behind awareness.
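The service-account review in the third point above (and again under Actions for Today) can be made systematic. The script below is an added example, not NCSC guidance or code from The DFIR Report: it assumes you have already exported every account that carries a servicePrincipalName, for instance with the LDAP filter (&(servicePrincipalName=*)(objectCategory=person)), into plain records with the attributes used here, and that pwdLastSet has been converted from FILETIME to an ISO date. The high-value group list, the password-age threshold, the scoring weights and the sample records are constructed for the example.

```python
"""Rank Active Directory service accounts by Kerberoasting exposure.

Added example, not NCSC or The DFIR Report code. It assumes the accounts
carrying a servicePrincipalName have been exported (e.g. via LDAP) into
plain records with the attributes below; pwdLastSet is assumed pre-converted
from FILETIME to an ISO date. Group list, age threshold, weights and the
sample records are constructed for the example.
"""
from datetime import date, timedelta

# Bits of msDS-SupportedEncryptionTypes (Kerberos etypes the account supports).
RC4_HMAC, AES128_CTS, AES256_CTS = 0x4, 0x8, 0x10
# userAccountControl bit for "password never expires".
DONT_EXPIRE_PASSWORD = 0x10000

# Groups whose membership turns a crackable service password into domain control (assumed).
HIGH_VALUE_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators", "Account Operators"}
MAX_PASSWORD_AGE = timedelta(days=365)  # assumed policy threshold


def assess(account, today):
    """Return a finding for a roastable account, or None if out of scope."""
    if not account.get("servicePrincipalName"):
        return None  # no SPN: no service ticket can be requested for it
    if account.get("sAMAccountName", "").endswith("$"):
        return None  # computer and gMSA accounts: long random passwords, rotated automatically
    reasons, score = [], 0
    etypes = account.get("msDS-SupportedEncryptionTypes", 0)
    if etypes == 0 or etypes & RC4_HMAC:
        # Unset (0) has historically fallen back to RC4 depending on domain
        # defaults; RC4 tickets are far cheaper to crack offline than AES ones.
        reasons.append("RC4 service tickets possible")
        score += 2
    age = today - date.fromisoformat(account["pwdLastSet"])
    if age > MAX_PASSWORD_AGE:
        reasons.append(f"password {age.days} days old")
        score += 2
    if account.get("userAccountControl", 0) & DONT_EXPIRE_PASSWORD:
        reasons.append("password never expires")
        score += 1
    privileged = sorted(set(account.get("memberOf", [])) & HIGH_VALUE_GROUPS)
    if privileged:
        reasons.append("member of " + ", ".join(privileged))
        score += 3
    priority = ("critical" if score >= 5 else "high" if score >= 3
                else "medium" if score >= 1 else "low")
    return {"account": account["sAMAccountName"], "priority": priority,
            "score": score, "reasons": reasons}


def rank(accounts, today):
    """Findings for all in-scope accounts, worst first."""
    findings = [f for f in (assess(a, today) for a in accounts) if f]
    return sorted(findings, key=lambda f: f["score"], reverse=True)


TODAY = date(2026, 5, 13)

# Constructed sample export; names and SPNs are placeholders.
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc_sql", "servicePrincipalName": ["MSSQLSvc/db01.corp.example:1433"],
     "msDS-SupportedEncryptionTypes": 0, "pwdLastSet": "2019-03-04",
     "userAccountControl": 0x10200, "memberOf": ["Domain Admins", "SQL Admins"]},
    {"sAMAccountName": "svc_web", "servicePrincipalName": ["HTTP/intranet.corp.example"],
     "msDS-SupportedEncryptionTypes": AES128_CTS | AES256_CTS, "pwdLastSet": "2026-02-10",
     "userAccountControl": 0x200, "memberOf": []},
    {"sAMAccountName": "srv01$", "servicePrincipalName": ["HOST/srv01.corp.example"],
     "msDS-SupportedEncryptionTypes": AES256_CTS, "pwdLastSet": "2026-05-01",
     "userAccountControl": 0x1000, "memberOf": []},
    {"sAMAccountName": "alice", "servicePrincipalName": [], "pwdLastSet": "2026-01-15",
     "userAccountControl": 0x200, "memberOf": ["Domain Users"]},
]

if __name__ == "__main__":
    for f in rank(SAMPLE_ACCOUNTS, TODAY):
        print(f"{f['priority']:9} {f['account']:12} {'; '.join(f['reasons']) or 'no findings'}")
```

The ordering matters more than the absolute scores: an SPN on a Domain Admins member with a seven-year-old RC4-capable password is the single account to fix first, and the remediation is the one the text already names, a long random password (or migration to a group managed service account) and removal from privileged groups.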
Supply Chain Poisoning: The npm Problem and the AI Platform Problem
Two supply chain incidents were reported this week, and together they represent a pattern that is accelerating.
TanStack npm packages. Socket Security identified 84 compromised TanStack npm package artifacts. TanStack packages, including @tanstack/react-router, have over 12 million weekly downloads. The malicious versions contain a heavily obfuscated file called router_init.js with daemonization capabilities and access to environment variables, specifically targeting GitHub Actions secrets.
To be direct about what this means: if your business has a development team, or if your managed IT provider uses automated deployment pipelines, the compromised packages may have run inside your CI/CD infrastructure. The malware’s primary target is credential theft from build environments: API keys, cloud credentials, repository access tokens. Those credentials do not expire when you patch the package. If they were exfiltrated, they need to be rotated.
AI platform poisoning. Acronis identified over 575 malicious skills across 13 developer accounts in the OpenClaw AI ecosystem, alongside malicious models and datasets on Hugging Face. The payloads include AMOS stealer, cryptominers, and trojans targeting both Windows and macOS.
This is the supply chain problem extending into AI tooling. Businesses adopting AI agent frameworks, and there are many UK SMBs doing exactly this right now, often without a security review, are pulling components from ecosystems that have weaker vetting than traditional package registries. The trust model that developers apply to PyPI or npm is being incorrectly transferred to AI model repositories where it does not hold.
What this means operationally:
- If your development team or IT provider uses TanStack packages, check whether any of the affected versions were installed during the compromise window. Rotate any credentials that could have been accessed by the build environment during that period.
- If your business is adopting AI agent tools, ask specifically which model repositories or skill marketplaces they pull from, and what the vetting process is. “We downloaded it from the official repository” is not a sufficient answer when the official repository has been compromised.
- Software composition analysis tools should be standard in any development pipeline. If your IT provider cannot tell you what SCA tooling they use, that is a gap worth surfacing.
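The TanStack check in the first point above is a lockfile question, and the presence check is a file-name question. The script below is an added example, not Socket Security’s tooling or anything from the TanStack project: it reads a package-lock.json (both lockfileVersion 1 nested "dependencies" and lockfileVersion 2/3 flat "packages" layouts), lists every @tanstack package pinned anywhere in the tree, flags versions that appear in a block-list, and walks an installed node_modules tree for router_init.js, the obfuscated file named in the report. The AFFECTED block-list is a placeholder to be filled from Socket Security’s published indicators; the lockfile and the node_modules tree built in demo() are constructed.

```python
"""Check a package-lock.json for @tanstack packages and block-listed versions,
and look for the obfuscated router_init.js in an installed tree.

Added example, not Socket Security tooling. AFFECTED is a placeholder to be
filled from Socket's published indicators; the lockfile and the node_modules
tree built in demo() are constructed. Handles lockfileVersion 1 (nested
"dependencies") and 2/3 (flat "packages" keyed by path).
"""
import json
import os
import tempfile

# Placeholder block-list: populate from Socket Security's published indicators.
AFFECTED = {"@tanstack/react-router": {"0.0.0-placeholder"}}
SUSPECT_FILENAMES = {"router_init.js"}  # file name given in the report


def lockfile_packages(lock):
    """Yield (name, version, lock_path) for every package the lockfile pins."""
    if "packages" in lock:  # lockfileVersion 2 or 3: flat map keyed by path
        for path, meta in lock["packages"].items():
            if "node_modules/" not in path:
                continue  # "" is the root project itself, not a dependency
            name = path.rsplit("node_modules/", 1)[1]
            yield name, meta.get("version"), path
        return

    def walk(deps, prefix):  # lockfileVersion 1: nested "dependencies"
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            yield name, meta.get("version"), path
            yield from walk(meta.get("dependencies", {}), path + "/")

    yield from walk(lock.get("dependencies", {}), "")


def tanstack_inventory(lock):
    """Every distinct (name, version) of a @tanstack package, nested copies included."""
    return sorted({(n, v) for n, v, _ in lockfile_packages(lock) if n.startswith("@tanstack/")})


def find_affected(lock):
    """Packages whose pinned version is on the block-list, with where they sit in the tree."""
    return [{"name": n, "version": v, "path": p}
            for n, v, p in lockfile_packages(lock) if v in AFFECTED.get(n, set())]


def scan_tree(root):
    """Relative paths under root whose file name is in SUSPECT_FILENAMES."""
    found = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f in SUSPECT_FILENAMES:
                rel = os.path.relpath(os.path.join(dirpath, f), root)
                found.append(rel.replace(os.sep, "/"))
    return sorted(found)


# Constructed lockfile: versions here are sample values, not real indicators.
SAMPLE_LOCK = {
    "name": "example-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app"},
        "node_modules/@tanstack/react-router": {"version": "0.0.0-placeholder"},
        "node_modules/@tanstack/react-query": {"version": "5.0.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/some-lib/node_modules/@tanstack/react-router": {"version": "1.0.0"},
    },
}


def demo():
    """Build a constructed node_modules tree, run both checks, return the results."""
    with tempfile.TemporaryDirectory() as root:
        pkg = os.path.join(root, "node_modules", "@tanstack", "react-router", "dist")
        os.makedirs(pkg)
        for name in ("index.js", "router_init.js"):
            with open(os.path.join(pkg, name), "w") as fh:
                fh.write("// constructed placeholder, not the malicious file\n")
        files = scan_tree(root)
    return {"affected": find_affected(SAMPLE_LOCK),
            "inventory": tanstack_inventory(SAMPLE_LOCK),
            "suspect_files": files}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it against a real project with `json.load(open("package-lock.json"))` in place of SAMPLE_LOCK and the project directory in place of the temporary root. The nested-copy case is the one that gets missed by a quick `npm ls`: a transitive dependency can pin its own copy of a @tanstack package under its own node_modules, which is why the inventory walks every path rather than only top-level entries.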
The Wider Context: Foxconn
Foxconn confirmed today that North American factories were hit by the Nitrogen ransomware gang. Foxconn is the world’s largest electronics manufacturer, a tier-one supplier to Apple, Sony, and dozens of other major brands.
I am not covering this as the lead story because the direct UK SMB exposure is limited. But I will note the pattern: Nitrogen ransomware operates as a ransomware-as-a-service affiliate model, similar to The Gentlemen’s relationship with Qilin. These are not monolithic criminal organisations. They are affiliate networks. The same TTPs, the same access brokers, the same tooling, applied across targets of very different sizes.
If your business is a downstream supplier to any major electronics or manufacturing brand, the supply chain risk question is not hypothetical.
Actions for Today
- Ask your IT provider or MSP whether any TanStack npm packages are present in their deployment tooling or your codebase. If yes, identify the versions and check against Socket Security’s published indicators.
- Verify Sysinternals tools on your endpoints are sourced directly from Microsoft. If your IT provider installs utilities remotely, confirm provenance.
- Review service account permissions in Active Directory if you run on-premises infrastructure. Kerberoasting targets over-privileged service accounts with weak or default passwords. NCSC guidance on this is not new. The attack vector is not going away.
- If you are evaluating AI agent tools, add supply chain verification to your assessment criteria before deployment. Ask vendors directly which model registries they use and how they validate integrity.
Sources
| Source | Title | URL |
|---|---|---|
| The DFIR Report | Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware | https://thedfirreport.com/2026/05/11/flash-alert-etherrat-and-tuktuk-c2-end-in-the-gentleman-ransomware/ |
| AlienVault OTX | LBIOC-20260071 - The Gentlemens Leak | https://otx.alienvault.com |
| Socket Security | TanStack npm Packages Compromised in Ongoing Supply-Chain Attack | https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack |
| Acronis TRU | Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw | https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw |
| BleepingComputer | Foxconn confirms cyberattack claimed by Nitrogen ransomware gang | https://www.bleepingcomputer.com/news/security/electronics-giant-foxconn-confirms-cyberattack-on-north-american-factories/ |