warlock
2 incidents
2 countries
0 sectors
ransomware CN Latest: 2026-06-25
Aliases: Storm-2603
Warlock is a ransomware-as-a-service (RaaS) operation that first emerged in early June 2025 on the Russian-language RAMP cybercrime forum, advertising its services to potential affiliates. This group, also tracked as GOLD SALEM and strongly associated with the China-based threat actor Storm-2603, rapidly adopted a double-extortion model to profit from its intrusions. Warlock distinguishes itself through its rapid exploitation of newly discovered zero-day vulnerabilities in Microsoft SharePoint, collectively referred to as ToolShell, and the deployment of custom Command-and-Control (C2) frameworks. The group has quickly established a global reach, exploiting enterprise vulnerabilities for high-impact extortion activities across various continents and sectors. While the Warlock name is new, some reports suggest the actors behind it may have been active since 2019, potentially engaging in both espionage and financially motivated attacks, or that the Warlock ransomware payload itself is a
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
United Arab Emirates
Argentina
Austria
Australia
Bulgaria
Bermuda
Bolivia, Plurinational State of
Brazil
Canada
China
Target sectors (SOCRadar)
Construction of Buildings
Food Manufacturing
Other Information Services
Monetary Authorities-Central Bank
Software Publishers
Real Estate
Accommodation
Air Transportation
Manufacturing
Construction
New URLs detected in IntelTracker