TI Mindmap HUB
Threat Intelligence Report

GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government

📅 May 13, 2026 📰 socket.dev 🔍 0 CVE(s) referenced

The GemStuffer campaign covertly scrapes UK local government portals and abuses RubyGems as a data exfiltration channel, embedding stolen council data in junk gem packages published with hardcoded credentials—demonstrating how trusted package registries can be weaponized for stealthy, programmatic data theft.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap
🎯 IOC Extraction
⚔️ MITRE ATT&CK TTPs
📦 STIX 2.1 Bundle