Threat actors are abusing Velociraptor, an open-source digital
forensics and incident response (DFIR) tool, in connection with
ransomware attacks likely orchestrated by Storm-2603 (aka
CL-CRI-1040 or Gold Salem), which is known for deploying the
Warlock and LockBit ransomware. The threat actor's use of the
security utility was documented by Sophos last month. It's assessed
that the attackers
Read more https://thehackernews.com/2025/10/hackers-turn-velociraptor-dfir-tool.html
