CyberSecurity news

Swagta Nath@The420.in - 1h
Cybersecurity firm Prodaft reports that a cyber threat actor known as EncryptHub, also called Larva-208, has compromised at least 618 organizations globally since June 2024. The group conducts widespread spear-phishing and social engineering campaigns to infiltrate corporate networks, employing tactics like SMS phishing (smishing), voice phishing (vishing), and email phishing. These campaigns aim to steal credentials and ultimately deploy ransomware on victim systems.

EncryptHub uses sophisticated techniques, including impersonating IT personnel to trick employees into divulging VPN credentials or installing Remote Monitoring and Management (RMM) software. The group has also registered over 70 domain names mimicking VPN services to enhance the credibility of its phishing attacks. Once inside a network, EncryptHub deploys info-stealing malware and ransomware, such as its proprietary Locker.ps1, which uses AES encryption to lock files and demands cryptocurrency payments.
