CyberSecurity news
Swagta Nath@The420.in - 1h
EncryptHub, also known as LARVA-208, is a sophisticated cyber threat actor conducting widespread spear-phishing and social engineering campaigns. Since June 2024, the group has successfully infiltrated at least 618 organizations globally. EncryptHub employs SMS phishing (smishing) and voice phishing (vishing) to distribute infostealers and ransomware, targeting corporate networks worldwide. Cybersecurity firms Catalyst and Prodaft report the group impersonates IT personnel to trick employees into revealing VPN credentials or installing remote monitoring software, bypassing multi-factor authentication and redirecting victims to legitimate login pages.
EncryptHub registers domain names mimicking popular VPN services to enhance phishing campaign credibility. Once inside a network, the group uses custom PowerShell scripts to install information-stealing malware that extracts sensitive data, including credentials and system information. The final stage involves deploying ransomware payloads like Locker.ps1 to encrypt files and demand cryptocurrency payments. The group has also been linked to other ransomware strains such as RansomHub and BlackSuit, causing widespread operational disruptions.
References:
- The420.in: A sophisticated cyber threat actor known as EncryptHub (Larva-208) has been conducting widespread spear-phishing and social engineering campaigns to infiltrate corporate networks worldwide.
- gbhackers.com: A newly identified cybercriminal group, LARVA-208, also known as EncryptHub, has successfully infiltrated 618 organizations globally since June 2024, leveraging advanced social engineering techniques to steal credentials and deploy ransomware.
- Talkback Resources: A threat actor named LARVA-208, also known as EncryptHub, has been conducting targeted spear-phishing attacks using sophisticated social engineering techniques to deploy ransomware and steal credentials from corporate networks, compromising over 600 organizations since June 2024.