Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks

Chinese cybercriminals have been leveraging the Velociraptor incident response tool to facilitate ransomware attacks, marking a significant evolution in their tactics. Velociraptor, originally designed for digital forensics and incident response, is being repurposed by threat actors to gain persistent access and control over compromised networks. This shift underscores the increasing sophistication of ransomware operations and the blending of legitimate tools with malicious intent. The attackers exploit Velociraptor's capabilities to conduct stealthy reconnaissance, lateral movement, and data exfiltration before deploying ransomware payloads. Organizations targeted by these campaigns often face prolonged intrusion periods, complicating detection and mitigation efforts. Security teams are urged to enhance monitoring for unusual Velociraptor activity and implement robust endpoint detection and response (EDR) strategies. Understanding the tactics, techniques, and procedures (TTPs) associated with these Chinese threat actors is critical for developing effective defense mechanisms. This article delves into the modus operandi of these hackers, the role of Velociraptor in their ransomware campaigns, and recommended cybersecurity measures to counteract these emerging threats. By staying informed and vigilant, organizations can better protect their assets against this evolving threat landscape.

This Cyber News was published on www.darkreading.com. Publication date: Fri, 10 Oct 2025 16:55:13 +0000
