FlagThis

The cybercriminal group EncryptHub, also known as LARVA-208, has successfully breached 618 organizations globally since June 2024. The group utilizes sophisticated social engineering techniques, including spear-phishing, to steal credentials and deploy ransomware on corporate networks. The attacks are designed to compromise systems and steal sensitive information, showcasing a high level of sophistication and a clear focus on targeting businesses worldwide.

LARVA-208's methods involve impersonating IT personnel and deceiving employees into divulging VPN credentials or installing remote management software. They have also been observed registering domain names mimicking popular VPN services to enhance the credibility of their phishing campaigns. After gaining access, the group deploys custom-developed PowerShell scripts to install information-stealing malware and ransomware, encrypting files on compromised systems and demanding cryptocurrency payments via ransom notes left on the victim device.

ImgSrc: www.the420.in

References :

• gbhackers.com: GBHackers article about LARVA-208 Hackers Compromise 618 Organizations Stealing Logins and Deploying Ransomware
• Talkback Resources: TalkBack describes EncryptHub Exposed: 600+ Targets Hit by LARVA-208
• The420.in: The420 article about EncryptHubTargets 618 Organizations with Phishing and Ransomware Attacks
• bsky.app: A threat actor tracked as 'EncryptHub,' aka Larva-208, has been targeting organizations worldwide with spear-phishing and social engineering attacks to gain access to corporate networks.
• bsky.app: A threat actor tracked as 'EncryptHub,' aka Larva-208,  has been targeting organizations worldwide with spear-phishing and social engineering attacks to gain access to corporate networks.

Classification:

• HashTags: #EncryptHub #Ransomware #Cybercrime
• Company: Multiple
• Target: 618 organizations
• Attacker: EncryptHub (aka LARVA-208)
• Product: Ransomware
• Feature: Ransomware
• Malware: EncryptHub
• Type: Ransomware
• Severity: Major