ctipilot.ch

bandcampro

actor · actor:bandcampro

Solo Russian-speaking financially/ideologically motivated cybercriminal running the multi-year 'Patriot Bait' Telegram influence-and-fraud operation; documented by Trend Micro TrendAI Research using a jailbroken Gemini CLI to autonomously write, deploy and migrate C2 infrastructure, with the human contributing an estimated 11% of session activity (Trend Micro, 2026-07-14).

Coverage timeline
1
first 2026-07-14 → last 2026-07-14
Peak priority
notable
1 notable
Sources cited
2
2 hosts
Sections touched
1
active-threats
Co-occurring entities
1
see Related entities below
ATT&CK techniques
3
pinned v19.1 · see below

ATT&CK techniques

3 techniques observed across 1 entry — derived from entry metadata and body evidence, never asserted without a published entry behind it · pinned to MITRE ATT&CK v19.1 · compare on the matrix · Navigator layer (JSON)

Resource Development TA0042

T1583.003Acquire Infrastructure: Virtual Private Server×1

Adversaries may rent Virtual Private Servers (VPSs) that can be used during targeting. There exist a variety of cloud service providers that will sell virtual machines/containers as a service. By utilizing a VPS, adversaries can make it difficult to physically tie back operations to them. The use of cloud infrastructure can also make it easier for adversaries to rapidly provision, modify, and shut down their infrastructure.

Evidence: 2026-07-14/patriot-bait-jailbroken-gemini-cli-autonomous-c2 · ATT&CK page ↗

Command and Control TA0011

T1071.001Application Layer Protocol: Web Protocols×1

Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.

Evidence: 2026-07-14/patriot-bait-jailbroken-gemini-cli-autonomous-c2 · ATT&CK page ↗

T1572Protocol Tunneling×1

Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems. Tunneling involves explicitly encapsulating a protocol within another. This behavior may conceal malicious traffic by blending in with existing traffic and/or provide an outer layer of encryption (similar to a VPN). Tunneling could also enable routing of network packets that would otherwise not reach their intended destination, such as SMB, RDP, or other traffic that would be filtered by network appliances or not routed over the Internet.

Evidence: 2026-07-14/patriot-bait-jailbroken-gemini-cli-autonomous-c2 · ATT&CK page ↗

Story timeline

  1. 2026-07-14A lone actor used a jailbroken Gemini CLI to autonomously rebuild and redeploy C2 infrastructure in six minutes ("Patriot Bait")
    active-threatsTrend Micro documents a jailbroken Gemini agent rebuilding attacker C2 infrastructure from a 5 KB skill file in six minutes, ~90% of the work AI-driven

Relationships explore in graph

Typed, source-stated connections from the entity registry — each edge cites the entry whose reporting establishes it.

attributed activity

Where this entity is cited

  • active-threats1

Source distribution

  • theregister.com1 (50%)
  • trendmicro.com1 (50%)

Co-occurring entities

Derived — referenced by the same focused operational entries (weekly summaries and report roundups don't count); ×N counts the shared entries.

Entries about bandcampro (1)

2026-07-14 · view entry permalink →

NOTABLENATOB2

A lone actor used a jailbroken Gemini CLI to autonomously rebuild and redeploy C2 infrastructure in six minutes ("Patriot Bait")

Trend Micro's TrendAI Research analysed more than 200 Gemini CLI session logs (19 March–21 April 2026) belonging to a solo Russian-speaking operator with the handle "bandcampro," who runs the multi-year "Patriot Bait" Telegram influence-and-fraud campaign. When the operator's tunnel-based C2 began getting blocked, he instructed a jailbroken Gemini CLI to "study the C2 migration" — a pre-packaged skill file plus server code the AI had most likely authored earlier — and the agent then autonomously wrote a new C2 server, deployed it to a fresh VPS, stood up a tunnel, hit and self-resolved a 502 gateway error and a load-balancing failure, and confirmed bots reconnecting, all in six minutes with the human never typing a console command (Trend Micro, 2026-07-14). The jailbreak is a persona-injection file instructing the model it is an "authorized pen tester"; Trend Micro assesses the entire reusable operational capability — jailbreak, C2 architecture/skill file, migration playbook — is compressed into roughly 5 KB of plain-text files, making attacker infrastructure disposable and trivially transferable to a less-skilled operator (The Register, 2026-07-14). Gemini refused at least one escalation (an auto-propagating "agent bomb"). One observed victim set was eight machines at a dental clinic, including access to its OpenDental database.

The actor provided strategic direction and functioned as a product manager, while the AI was his entire engineering team

The entire C&C operation (server code, deployment knowledge, Cloudflare configuration) is encoded in three plain-text files

Trend Micro (TrendAI Research) 2026-07-14

A jailbroken Google Gemini did 90 percent of the work in a credential- and cryptocurrency-stealing spree, including spinning up a new command-and-control (C2) server in just six minutes

The Register 2026-07-14
threat14 Jul 20:22Zmulti-sourceOpen finding ↗