Date: 2025-09-22

Cybernews reports that attacks by the WarLock ransomware gang, also known as Storm-2603 and GOLD SALEM, against private and government entities in the Americas and Europe have ramped up since its emergence in March.

WarLock claimed to have compromised sixty organizations this month alone, according to a report from the Sophos Counter Threat Unit Research Team. Researchers noted that WarLock came to public attention in June, when an alleged representative solicited enterprise application exploits, and that the group has since launched attacks abusing a SharePoint zero-day vulnerability to enable web shell deployment.

Aside from harnessing the WebSockets server and Velociraptor for persistence and clandestine tunneling, respectively, WarLock has also moved to leverage other tools for credential exfiltration, ransomware execution, and lateral movement in targeted networks.

Organizations have been advised to implement stronger patching policies and consistent attack surface monitoring to counter the rising threat of WarLock.

"Awareness of how groups like WarLock operate is critical for businesses aiming to shore up defenses before they're targeted," said Sophos.