Skip Navigation
Get a Demo
 
Share
 
 
 
 
 
 
 
 
Resources Videos
Security operations

Red Canary Office Hours: Episode 40 – The hidden tunnels of STORM-2603’s ransomware ops

Air Date: November 4, 2025

The hidden tunnels of STORM-2603’s ransomware ops

Dave and Keith are joined by Principal Security Researcher Phil Hagen to peel back the layers of STORM-2603, a suspected China-based threat actor group and how it leverages legitimate tools to lead to tunneling malicious traffic and ransomware deployment.

Phil discusses how adversaries’ use of DFIR-focused tools can complicate detection opportunities and how organizations can mitigate risks through auditing and blocklists.

View the video
Episode 40: Crash course on STORM-2603
Resources mentioned in this episode
Atomic Red Team
Atomic Red Team MCP #1 - Claude becomes the APT
STORM-2603
Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks
OpenAI
Introducing Aardvark: OpenAI's agentic security researcher
Related Resources
Red Canary Office Hours: Episode 45 – Unwrapping the mysteries of Shai Hulud
Videos| Security operations
Red Canary Office Hours: Episode 45 – Unwrapping the mysteries of Shai Hulud
Red Canary Office Hours: Episode 44 – Naughty or nice: decoding normal vs. anomalous behavior
Videos| Security operations
Red Canary Office Hours: Episode 44 – Naughty or nice: decoding normal vs. anomalous behavior
Red Canary Office Hours: Episode 43 – Defense-in-depth strategies to keep you warm
Videos| Security operations
Red Canary Office Hours: Episode 43 – Defense-in-depth strategies to keep you warm
Red Canary Office Hours: Episode 42 – A cornucopia of Intelligence Insights
Videos| Security operations
Red Canary Office Hours: Episode 42 – A cornucopia of Intelligence Insights
 

See Red Canary in action

Watch the 10-minute demo now.
Watch the demo

Security gaps? We got you.

Sign up for our monthly email newsletter for expert insights on MDR, threat intel, and security ops—straight to your inbox.

 
 
 
 
Back to Top