#velociraptor

[ follow ]
#storm-2603 #ransomware #cve-2025-6264 #toolshell #sharepoint-zero-day #cloudflare-workers
fromThe Hacker News
2 days ago

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

The threat actor's use of the security utility was documented by Sophos last month. It's assessed that the attackers weaponized the on-premises SharePoint vulnerabilities known as ToolShell to obtain initial access and deliver an outdated version of Velociraptor (version 0.73.4.0) that's susceptible to a privilege escalation vulnerability ( CVE-2025-6264) to enable arbitrary command execution and endpoint takeover, per Cisco Talos.
Information security
fromTheregister
3 days ago

SharePoint attackers add Velociraptor to ransomware tools

The ransomware gang caught exploiting Microsoft SharePoint zero-days over the summer has added a new tool to its arsenal: Velociraptor, an open-source digital forensics and incident response app not previously tied to ransomware incidents. In August, Cisco's Talos incident response team dealt with a ransomware attack in which the criminals deployed Warlock, LockBit, and Babuk ransomware to encrypt VMware ESXi virtual machines and Windows servers, and used Velociraptor to maintain stealthy access while they encrypted the victim organization's files. "Talos assesses with moderate confidence that this activity can be attributed to the group Storm-2603," Talos' researchers Michael Szeliga, Aliza Johnson, and Jaeson Schultz said in a Thursday threat report.
Information security
Information security
fromThe Hacker News
1 month ago

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

Threat actors abused Velociraptor and msiexec to deploy Visual Studio Code as a tunneling tool, enabling remote access and staging additional payloads via Cloudflare Workers.
[ Load more ]