Hackers are reportedly exploiting the Velociraptor digital forensics and incident response (DFIR) tool in ransomware attacks linked to the Storm-2603 group, also known as Gold Salem, which has been associated with the Warlock and LockBit ransomware variants. This adaptation of legitimate security utilities allows attackers to conduct stealthy data thefts and maintain persistence within compromised systems. Cybersecurity analysts caution organizations to audit the use of such tools and be vigilant for unusual behavior patterns indicative of potential breaches. The incident underscores a growing trend in cyberattacks, where attackers leverage legitimate tools for malicious purposes, highlighting the need for enhanced defensive measures in cybersecurity protocols to protect sensitive data.