Storm-2603 exploited SharePoint servers to deploy Velociraptor with SYSTEM privileges, establishing redundant access via Cloudflare tunneling, Zoho Assist, and SSH through VS Code. Meanwhile, a second threat actor used...

https://captechgroup.com/threat-intelligence-center/storm-2603-and-velociraptor-exploit-single-intrusi-5b339a?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=storm-2603-and-velociraptor-exploit-single-intrusion-for-parallel-attack-operati