CSO Online

Open-source DFIR Velociraptor was abused in expanding ransomware efforts

China-based threat actors abused outdated Velociraptor to maintain persistence and help deploy Warlock, LockBit, and Babuk ransomware.