Russian Ransomware Gang Exploited Windows Zero-Day Before Patch

Summary: Security researchers from Trend Micro have identified a zero-day vulnerability (CVE-2025-26633) that was exploited by the EncryptHub ransomware gang. This exploit targets the Microsoft Management Console (MMC) framework, allowing attackers to execute malicious code and exfiltrate data. The report indicates that the attack technique involves manipulating .msc files and using various delivery methods to deploy malware.

Affected: Microsoft Management Console (MMC)

Key points:

  • Zero-day CVE-2025-26633 was patched by Microsoft earlier this month.
  • EncryptHub, an affiliate of the RansomHub gang, is responsible for the exploitation.
  • The attack involves creating identically named .msc files, so that MMC loads the malicious copy through manipulation of MUIPath.
  • Trend Micro identified various payloads including EncryptHub stealer and DarkWisp backdoor used in this campaign.
  • This is not the first instance of zero-day exploitation related to MMC, as similar attacks were reported in the past.
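The MUIPath point above is the one defenders can hunt for on disk: MMC resolves localized console files from language-tagged subfolders (the standard Windows MUI lookup, e.g. an `en-US` folder beside the file), so a same-named .msc planted in such a folder can shadow the original. The script below is an added example written for this page, not code from Trend Micro or SecurityWeek. It walks a directory tree, pairs each .msc with any same-named twin in a locale-named subfolder, and reports whether the two differ; the sample tree it builds under a temp directory is constructed for the demo, and the locale-folder regex is an assumption about naming, not a rule taken from the report.

```python
"""Hunt for .msc files shadowed by a same-named copy in a locale-named subfolder."""
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed naming for MUI language folders such as "en-US" or "zh-Hans-CN".
LOCALE_DIR = re.compile(r"^[a-z]{2,3}-[A-Za-z]{2,4}(-[A-Z]{2})?$")


def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_shadowed_msc(root: Path) -> list[dict]:
    """Return one finding per .msc that has a same-named twin in a locale subfolder."""
    findings = []
    for base in sorted(root.rglob("*.msc")):
        # Skip files that already sit inside a locale folder; they are paired
        # from the parent directory's copy instead.
        if LOCALE_DIR.match(base.parent.name):
            continue
        for sub in base.parent.iterdir():
            if not (sub.is_dir() and LOCALE_DIR.match(sub.name)):
                continue
            twin = sub / base.name
            if twin.is_file():
                findings.append({
                    "base": str(base),
                    "twin": str(twin),
                    # Identical content is usually a benign duplicate; a differing
                    # twin is what deserves analyst review.
                    "same_content": _sha256(base) == _sha256(twin),
                })
    return findings


def build_sample_tree() -> Path:
    """Constructed sample layout (not from the report) so the demo runs offline."""
    root = Path(tempfile.mkdtemp(prefix="msc_demo_"))
    tools = root / "Tools"
    (tools / "en-US").mkdir(parents=True)
    (tools / "disk.msc").write_text("<MMC_ConsoleFile/>")  # base console file
    (tools / "en-US" / "disk.msc").write_text(
        "<MMC_ConsoleFile><!-- differs from base --></MMC_ConsoleFile>"
    )  # same name in a locale folder, different content -> flagged
    (tools / "other.msc").write_text("<MMC_ConsoleFile/>")  # no twin -> no finding
    return root


if __name__ == "__main__":
    for finding in find_shadowed_msc(build_sample_tree()):
        print(finding)
```

Point `find_shadowed_msc` at directories where console files are launched from (user profile folders, download locations) rather than only at the Windows system directory; a legitimately localized console file will also pair up, so the `same_content` flag and the file's origin decide whether a hit is worth escalating.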

Source: https://www.securityweek.com/russian-ransomware-gang-exploited-windows-zero-day-before-patch/