🚨 Velociraptor DFIR exploited in LockBit ransomware attacks.

Huntress and Cisco Talos link Storm-2603 to a new campaign abusing outdated Velociraptor builds for privilege escalation, lateral movement, and ransomware deployment.

The crew reportedly used SharePoint exploits (ToolShell) and domain admin creation before dropping LockBit, Warlock, and Babuk payloads.

💬 Are open-source DFIR tools the next frontier for living-off-the-land tactics?

Full Details:
https://www.technadu.com/qantas-customer-data-was-published-after-the-july-cyber-breach-impacting-5-million-people/611263/

Follow TechNadu for more cutting-edge cyber threat intelligence.

#CyberSecurity #DFIR #Velociraptor #Ransomware #LockBit #Warlock #Babuk #ThreatIntel #Storm2603 #Infosec #IncidentResponse #ThreatHunting #TechNadu #CyberAwareness

⚠️ Storm-2603 hijacks Velociraptor for multi-ransomware ops

Sophos and Cisco Talos found Storm-2603 weaponizing #Velociraptor via ToolShell exploits to deploy LockBit, Warlock, and Babuk ransomware. #ransomNews #ransomware #storm2603

Colt Technology Services was rocked by a cyber attack—Warlock ransomware exploited a zero-day flaw in Microsoft SharePoint, disrupting services across 40 countries. Could your business be next?

https://thedefendopsdiaries.com/understanding-the-warlock-ransomware-attack-a-wake-up-call-for-cybersecurity/

#warlockransomware
#cybersecurity
#databreach
#microsoftsharepoint
#storm2603

From Check Point Research:

Unmasking the China-nexus #Storm2603 toolset that pre-dated the ToolShell wave.📅

Active since at least Apr 2025.🔑

Multiple ransomware deployed together: #LockBit + #Warlock.💥

Custom backdoors: ak47dns & ak47http.

Read more: https://research.checkpoint.com/2025/before-toolshell-exploring-storm-2603s-previous-ransomware-operations/

#CheckPoint #ransomware #backdoors #malware

Vulnerability and Sino-American tensions

The vulnerabilities in Microsoft SharePoint have generated a lot of ink. But that is nothing compared to the revelation made by ProPublica. The Azure cloud services intended for use by the US Department of Defense, the Pentagon, were maintained by Chinese engineers based in China under the protection of "digital escorting".

Ultra-sensitive data potentially under the surveillance of a foreign power… All the more so since China's latest technological gem, Massistant, is capable of extracting all the data from a smartphone seized during a border check. As part of a national campaign aimed at guaranteeing "national security".

https://librexpression.fr/quand-le-the-est-froid

#Chine #CVE #databreaches #Europe #France #GAIAX #informatique #leakscandal #Librexpression #LinenTyphoon #Microsoft #ProPublica #SharePoint #Storm2603 #threats #USA #warfare #zeroday

(Credits: DΛVΞ GΛRCIΛ/Pexels)