Ransomware Attackers Abuse Velociraptor Tool in New Campaign

Cyber Security News by CyberSum.net

Published on October 11, 2025 at 09:00 PM

6 sources

Threat actors are exploiting Velociraptor, an open-source digital forensics tool, in ransomware attacks. The attackers, likely Storm-2603, used SharePoint vulnerabilities for initial access and deployed Warlock, LockBit, and Babuk ransomware. They modified Active Directory policies and used tools like Smbexec for lateral movement. The campaign, which began in August 2025, severely impacted IT environments by encrypting virtual machines and Windows servers.

Also Read

PassiveNeuron Cyberespionage Campaign Resurfaces with New Tactics

The PassiveNeuron cyberespionage campaign has re-emerged after a six-month hiatus, targeting government, financial, and industrial organizations with sophisticated malware. The campaign primarily exploits Microsoft SQL servers to gain initial access, leveraging vulnerabilities or brute-forcing credentials. Attackers deploy ASPX web shells and adapt their techniques to evade detection, using custom malware like Neursite and NeuralExecutor. The campaign's persistence and targeted nature highlight the need for robust SQL injection defenses and comprehensive web shell detection.

By Cyber Security News by CyberSum.netOctober 21, 2025 at 09:00 PM