⚠️ Storm-2603 hijacks Velociraptor for multi-ransomware ops
Sophos and Cisco Talos found Storm-2603 weaponizing #Velociraptor via ToolShell exploits to deploy LockBit, Warlock, and Babuk ransomware.
#ransomNews #ransomware #storm2603
October 12, 2025 at 7:37 AM
Investigation of the previous ransomware operations of the undocumented group STORM-2603
#AntivirusTerminator @CheckPointSW @CheckPointResearch #Cyberbedrohung #Cybersecurity #Cybersicherheit #Ransomware #Sharepoint #Sicherheitslücke #STORM2603
netzpalaver.de/2025/...
August 9, 2025 at 2:12 PM
Storm-2603 is misusing DFIR tools to stay inside networks. It’s a sharp reminder: even your defenses can be turned against you. #DFIR #CyberThreats #Storm2603 #CyberDefense www.darkreading.com/cybersecurit...
China Hackers Use Velociraptor IR Tool for Ransomware
A new adversary tactic, Storm-2603 threat group is abusing the digital forensics & incident response (DFIR) tool for persistent access to victim networks.
www.darkreading.com
October 20, 2025 at 6:12 PM
ClayRat and Velociraptor redefine cyber threats: Android spyware and forensic tools used by Storm-2603 in global ransomware attacks.
#Android #CiscoTalos #ClayRat #Ransomware #spyware #Storm2603 #Velociraptor #Zimperium
www.matricedigitale.it/2025/10/09/c...
October 9, 2025 at 5:33 PM
💥 Microsoft reports 400 compromised organizations due to SharePoint vulnerabilities – US nuclear agency also affected.
👉 www.speicherguide.de/news/microso...
#Cybersicherheit #Storm2603 #ITSecurity #Ransomware #Sicherheitslücke #Cyberangriff
Microsoft SharePoint exploits: US nuclear agency apparently affected
According to Microsoft, around 400 organizations have now been affected by attacks on on-premises SharePoint servers, including the US nuclear agency NNSA. The vulnerabilities are being [...] by attackers...
www.speicherguide.de
July 25, 2025 at 10:01 AM
Warlock is a #ransomware based on the leaked #LockBit code, & is used by the Chinese #APT group #Storm2603 in the recent #ToolShell campaign. Protect yourself by deploying our public #YARArules: https://bit.ly/3x34FdW
GitHub - reversinglabs/reversinglabs-yara-rules: ReversingLabs YARA Rules
ReversingLabs YARA Rules. Contribute to reversinglabs/reversinglabs-yara-rules development by creating an account on GitHub.
bit.ly
September 26, 2025 at 8:55 PM
⚠️Serious⚠️Warning⚠️
Microsoft: "If you're using SharePoint on-premise, assume you've been breached. Large-scale global cyber attack from China"
#LinenTyphoon #VioletTyphoon #Storm2603
Detailed explanation. Watch here 👇
youtu.be/H1gNpN60wRw
[!Serious! Warning!] Microsoft: "If you're using SharePoint on-premise, assume you've been breached. Large-scale global cyber attack from China"
YouTube video by 情報の灯台【パソコン】ソース有り
youtu.be
July 23, 2025 at 6:44 AM
Alert: Storm-2603 exploits SharePoint vulnerabilities to deploy Warlock ransomware. Ensure your systems are updated and secure. #CyberSecurity #Ransomware #SharePoint #Storm2603 Link: thedailytechfeed.com/storm-2603-e...
July 24, 2025 at 4:20 PM
#Microsoft servers hacked by Chinese groups, says #techgiant
www.bbc.co.uk/news/article...
Threat actors hack some #MicrosoftSharePoint servers & target data of business users.
#BigTech #CyberSecurity #InfoSec #CyberCrime #LinenTyphoon #VioletTyphoon #Storm2603
Microsoft servers hacked by Chinese state-backed groups, firm says
The US tech giant is recommending some users install security updates after the data breach.
www.bbc.co.uk
July 23, 2025 at 3:09 PM
Storm-2603 evolves in ransomware with ak47c2 and ToolShell, targeting sensitive sectors through exploits and advanced backdoors.
#ak47c2 #backdoor #CheckPointResearch #Ransomware #Storm2603 #ToolShell
www.matricedigitale.it/2025/08/01/s...
August 1, 2025 at 6:25 AM
2/2:
Attackers use Mimikatz, PsExec, WMI & GPOs for lateral movement and ransomware delivery. Microsoft urges urgent patching. CISA confirms active exploitation of CVE-2025-53770.
#CyberSecurity #Ransomware #Storm2603 #ZeroDay #Microsoft #SharePoint #Infosec #APT
July 25, 2025 at 10:28 AM
#US #nuclear weapons agency among 400 organisations breached by #China #hacker groups — #LinenTyphoon, #VioletTyphoon, and #Storm2603.
www.theguardian.com/technology/2...
US nuclear weapons agency ‘among 400 organisations breached by Chinese hackers’
Microsoft says vulnerabilities in its SharePoint servers exposed as reports point to wave of attacks
www.theguardian.com
July 23, 2025 at 4:59 PM
Alert: Storm-2603 exploits SharePoint flaws to deploy Warlock ransomware. Ensure your systems are patched and security measures are in place. #CyberSecurity #Ransomware #SharePoint #Storm2603 Link: thedailytechfeed.com/storm-2603-e...
August 1, 2025 at 4:42 PM
#Microsoft: #SharePoint attacks now officially include #ransomware infections
www.theregister.com/2025/07/24/m...
Redmond confirms #Storm2603 is abusing now-patched #vulnerability.
#CyberSecurity #InfoSec #CyberCrime #MicrosoftSharepoint
Microsoft: SharePoint attacks now include ransomware
Let the games begin
www.theregister.com
July 24, 2025 at 11:49 PM
Attackers use Mimikatz, PsExec, WMI & GPOs for lateral movement and ransomware delivery. Microsoft urges urgent patching. CISA confirms active exploitation of CVE-2025-53770.
#PotatoSecurity #Ransomware #Storm2603 #ZeroDay #Microsoft #SharePoint #Infosec #APT
July 25, 2025 at 10:28 AM
~Checkpoint~
Threat actor Storm-2603 linked to earlier LockBit & Warlock ransomware attacks using a custom C2 framework dubbed 'ak47c2'.
-
IOCs: updatemicfosoft[.]com, microsfot[.]org
-
#Ransomware #Storm2603 #ThreatIntel
Storm-2603's Previous Ransomware Operations
research.checkpoint.com
July 31, 2025 at 8:02 PM