Hackers have found a new avenue for their malicious operations by exploiting Velociraptor, a tool designed primarily for digital forensics and incident response (DFIR). The ransomware activity involving the tool appears to be connected to the group Storm-2603, also known by its aliases CL-CRI-1040 or Gold Salem. This group is known for deploying ransomware variants such as Warlock and LockBit, which can devastate organizations by encrypting their data and demanding a ransom for decryption.
The specific details surrounding this exploitation, as noted by Sophos, highlight a concerning trend where DFIR tools, intended for improving cybersecurity posture, are turned against organizations by the very threat actors they aim to thwart. This misuse exemplifies the continuous cat-and-mouse game in cybersecurity, where tools can be co-opted for nefarious purposes, leading to significant implications for incident response efforts. As ransomware attacks evolve, it’s crucial for organizations to remain vigilant and bolster their defenses against such innovative tactics used by cybercriminals.
👉 Read the original: The Hacker News