China-based group Storm-2603 has exploited an outdated version of the Velociraptor tool to maintain persistence and deploy multiple ransomware strains including Warlock, LockBit, and Babuk. This incident highlights the evolving tactics of threat actors utilizing legitimate tools for malicious purposes.