https://community.isc2.org/t5/Threats/Attackers-Abuse-Velociraptor-Forensic-Tool-to-Deploy-Visual/m-p/83513#M1706 <P>Hi All</P><P>&nbsp;</P><P>Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called <A href="https://www.rapid7.com/products/velociraptor/" target="_blank" rel="noopener">Velociraptor</A>, illustrating ongoing abuse of legitimate software for malicious purposes.</P><P>"In this incident, the threat actor used the tool to download and execute Visual Studio Code with the likely intention of <A href="https://thehackernews.com/2024/12/hackers-weaponize-visual-studio-code.html" target="_blank" rel="noopener">creating a tunnel</A> to an attacker-controlled command-and-control (C2) server," the Sophos Counter Threat Unit Research Team <A href="https://news.sophos.com/en-us/2025/08/26/velociraptor-incident-response-tool-abused-for-remote-access/" target="_blank" rel="noopener">said</A> in a report published this week.</P><P>While threat actors are known to adopt living-off-the-land (LotL) techniques or take advantage of legitimate remote monitoring and management (RMM) tools in their attacks, the use of Velociraptor signals a tactical evolution, where incident response programs are being used to obtain a foothold and minimize the need for having to deploy their own malware.</P><P>&nbsp;</P><P><A href="https://thehackernews.com/2025/08/attackers-abuse-velociraptor-forensic.html" target="_blank">https://thehackernews.com/2025/08/attackers-abuse-velociraptor-forensic.html</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Sun, 31 Aug 2025 22:18:02 GMT Caute_cautim 2025-08-31T22:18:02Z https://community.isc2.org/t5/Threats/Attackers-Abuse-Velociraptor-Forensic-Tool-to-Deploy-Visual/m-p/83513#M1706 <P>Hi All</P><P>&nbsp;</P><P>Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called <A href="https://www.rapid7.com/products/velociraptor/" target="_blank" rel="noopener">Velociraptor</A>, illustrating ongoing abuse of legitimate software for malicious purposes.</P><P>"In this incident, the threat actor used the tool to download and execute Visual Studio Code with the likely intention of <A href="https://thehackernews.com/2024/12/hackers-weaponize-visual-studio-code.html" target="_blank" rel="noopener">creating a tunnel</A> to an attacker-controlled command-and-control (C2) server," the Sophos Counter Threat Unit Research Team <A href="https://news.sophos.com/en-us/2025/08/26/velociraptor-incident-response-tool-abused-for-remote-access/" target="_blank" rel="noopener">said</A> in a report published this week.</P><P>While threat actors are known to adopt living-off-the-land (LotL) techniques or take advantage of legitimate remote monitoring and management (RMM) tools in their attacks, the use of Velociraptor signals a tactical evolution, where incident response programs are being used to obtain a foothold and minimize the need for having to deploy their own malware.</P><P>&nbsp;</P><P><A href="https://thehackernews.com/2025/08/attackers-abuse-velociraptor-forensic.html" target="_blank">https://thehackernews.com/2025/08/attackers-abuse-velociraptor-forensic.html</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Sun, 31 Aug 2025 22:18:02 GMT https://community.isc2.org/t5/Threats/Attackers-Abuse-Velociraptor-Forensic-Tool-to-Deploy-Visual/m-p/83513#M1706 Caute_cautim 2025-08-31T22:18:02Z