#storm-2603

[ follow ]
#ransomware #velociraptor #cve-2025-6264 #toolshell #sharepoint-zero-day #sharepoint #cybersecurity #microsoft
fromThe Hacker News
3 days ago

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

The threat actor's use of the security utility was documented by Sophos last month. It's assessed that the attackers weaponized the on-premises SharePoint vulnerabilities known as ToolShell to obtain initial access and deliver an outdated version of Velociraptor (version 0.73.4.0) that's susceptible to a privilege escalation vulnerability ( CVE-2025-6264) to enable arbitrary command execution and endpoint takeover, per Cisco Talos.
Information security
#ransomware
fromTheregister
4 days ago
Information security

SharePoint attackers add Velociraptor to ransomware tools

Storm-2603 used Velociraptor alongside Warlock, LockBit, and Babuk ransomware to maintain stealthy access while encrypting VMware ESXi and Windows servers.
fromTheregister
2 months ago
Information security

Microsoft: SharePoint attacks now include ransomware

Storm-2603 is exploiting vulnerabilities in SharePoint servers to deploy ransomware.
more#ransomware
[ Load more ]