Summary: The threat actor known as "EncryptHub" has been actively targeting organizations globally since June 2024, using spear-phishing and social engineering tactics to gain access to corporate networks. Upon infiltration, EncryptHub installs remote access tools and deploys data-stealing malware, often culminating in ransomware attacks. This sophisticated group also engages in domain purchasing for phishing, demonstrating advanced cyber-attack techniques to evade detection and compromise high-value targets.
Affected: Corporate organizations worldwide
Keypoints:
- EncryptHub has compromised at least 618 organizations through SMS phishing, voice phishing, and impersonation tactics.
- Once access is gained, threat actors deploy RMM software and infostealers, compromising sensitive data and system integrity.
- The group is known for its custom malware and sophisticated ransomware attacks, using tailored social engineering methods to maximize effectiveness.