Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

Posted on October 11, 2025 • 1 min read • 60 words
Share via

Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware. The threat actors use of the security utility was documented by Sophos last

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

Read on Hackernews

Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware. The threat actor’s use of the security utility was documented by Sophos last month. It’s assessed that the attackers

Follow Us

Everything coding, technology, and digital Life