Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

Cybersecurity experts have highlighted a sophisticated attack involving the misuse of legitimate tools like Velociraptor and remote access platforms to establish covert control over enterprise systems. This evolving tactic underscores the increasing use of authorized software and platforms for malicious purposes, including ransomware and credential theft. #Velociraptor #CloudflareWorkers

Key points

  • Threat actors use Velociraptor to create tunnels and establish remote access without deploying malware.
  • The attackers use the Windows msiexec utility to download payloads from Cloudflare-hosted staging servers.
  • Organizations are advised to monitor for unauthorized use of Velociraptor and suspicious behaviors.
  • Microsoft Teams is increasingly exploited for initial access via impersonation and remote tool deployment.
  • Malicious campaigns also involve phishing with fake Microsoft login pages, leveraging ADFS configurations.
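As an added example (not code from the article or from the Velociraptor project), the following Python check applies the monitoring advice above to constructed process-creation events: it flags msiexec launched with a remote package URL, Velociraptor running on a host outside an assumed IR allow-list, and Velociraptor spawned directly by msiexec. The hostnames, paths, URL and allow-list are assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed process-creation events (not from the article). Each dict mimics
# a Sysmon Event ID 1 record flattened to the fields the checks below need.
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec.exe /i https://staging.example-placeholder.workers.dev/pkg.msi /q",
     "parent": r"C:\Windows\explorer.exe"},
    {"host": "ws01", "image": r"C:\ProgramData\velociraptor.exe",
     "cmdline": "velociraptor.exe --config client.config.yaml client",
     "parent": r"C:\Windows\System32\msiexec.exe"},
    {"host": "ws02", "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\Users\alice\Downloads\tool.msi /qn",
     "parent": r"C:\Windows\explorer.exe"},
]

# Assumed allow-list: hosts where the IR team legitimately runs Velociraptor.
APPROVED_VELOCIRAPTOR_HOSTS = {"ir-jumpbox01"}

REMOTE_URL = re.compile(r"https?://\S+", re.IGNORECASE)


def classify(event: Dict[str, str]) -> List[str]:
    """Return the names of the detections that fire for one event."""
    hits: List[str] = []
    image = event["image"].lower()
    parent = event["parent"].lower()
    # msiexec pulling its package from a URL rather than a local path
    if image.endswith("\\msiexec.exe") and REMOTE_URL.search(event["cmdline"]):
        hits.append("msiexec_remote_package")
    if image.endswith("\\velociraptor.exe"):
        # Velociraptor on a host the IR team never approved
        if event["host"] not in APPROVED_VELOCIRAPTOR_HOSTS:
            hits.append("unapproved_velociraptor")
        # Velociraptor started by the installer itself
        if parent.endswith("\\msiexec.exe"):
            hits.append("velociraptor_from_msiexec")
    return hits


def scan(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each host to the detections raised by its events (hosts with none are omitted)."""
    findings: Dict[str, List[str]] = {}
    for ev in events:
        for name in classify(ev):
            findings.setdefault(ev["host"], []).append(name)
    return findings
```

Running scan(SAMPLE_EVENTS) reports ws01 for all three detections and nothing for ws02, whose local-path msiexec install is normal behaviour.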

Read More: https://thehackernews.com/2025/08/attackers-abuse-velociraptor-forensic.html