This article profiles EncryptHub, an emerging cybercriminal, covering his background, his operational security (OPSEC) mistakes, and his reliance on AI tools such as ChatGPT in his malicious activities. It contrasts his aspirations to become a legitimate security researcher with his descent into cybercrime. Affected: cybercrime ecosystem, broader cybersecurity landscape
Keypoints :
- EncryptHub is an ordinary individual who turned to cybercrime after struggling to establish a legitimate career.
- His criminal activity intensified in 2024 after his attempts to find legitimate work failed.
- He made serious OPSEC mistakes, including reusing passwords and leaving two-factor authentication (2FA) disabled.
- He used ChatGPT for coding, configuring infrastructure, and even writing, treating it as a partner in crime.
- His exposure shows that no sophisticated defense was needed to unmask him: the same basic hygiene failures defenders warn users about (password reuse, no 2FA) undermined his own operation.
- Despite his criminal activities, he was acknowledged by the Microsoft Security Response Center (MSRC) for legitimate vulnerability research.
MITRE Techniques :
- T1190 – Exploit Public-Facing Application: Exploited vulnerabilities in applications and services.
- T1486 – Data Encrypted for Impact: Engaged in ransomware-related campaigns.
- T1071 – Application Layer Protocol: Used Telegram for communication and bot interactions in campaigns.
- T1140 – Deobfuscate/Decode Files or Information: Delivered obfuscated payloads that had to be decoded on the victim host before execution.
- T1072 – Software Deployment Tools: Leveraged deployment tooling to push malware across systems.
Indicators of Compromise (defanged) :
- [Domain] 0xffsec[.]net
- [Domain] eatertoken[.]com
- [Domain] friendlyguys[.]vip
- [URL] hxxps://vexio[.]io/application/Vexio.Meets.application
- [IP Address] 206.166.251.99
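The indicators above are defanged (`hxxps`, `[.]`) so they cannot be clicked by accident; before they go into a DNS sinkhole or firewall blocklist they must be refanged and validated. The following Python is an added example written for this summary, not code from the Outpost24 article, and the `- [Type] value` line format it parses is simply the one used in the list above. It refangs each entry, validates it by type (domain syntax, URL scheme and hostname, literal IP address), rejects malformed lines instead of silently emitting a bad indicator, and collapses the result into a deduplicated host list.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample input: the defanged indicator lines from the summary above.
IOC_LINES = """\
- [Domain] 0xffsec[.]net
- [Domain] eatertoken[.]com
- [Domain] friendlyguys[.]vip
- [URL] hxxps://vexio[.]io/application/Vexio.Meets.application
- [IP Address] 206.166.251.99
"""

# "- [Type] value" as used in this feed's IOC section (assumed format).
LINE_RE = re.compile(r"^-\s*\[(?P<type>[^\]]+)\]\s*(?P<value>\S+)\s*$")
# Conservative hostname check: dot-separated LDH labels plus an alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def refang(value: str) -> str:
    """Reverse the usual defanging: hxxp(s) -> http(s); [.] (.) (dot) [dot] -> '.'; [:] -> ':'."""
    out = re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.I)
    for token in ("[.]", "(.)", "(dot)", "[dot]"):
        out = out.replace(token, ".")
    return out.replace("[:]", ":")


def parse_iocs(text: str) -> list[dict]:
    """Parse '- [Type] value' lines into validated, refanged records.

    Each record carries 'type', the refanged 'value', and 'host' (the element
    you would actually put on a DNS or IP blocklist). Unparseable lines and
    values that fail validation raise ValueError rather than being skipped.
    """
    records = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if not m:
            raise ValueError(f"unparseable IOC line: {raw!r}")
        ioc_type = m["type"].strip().lower()
        value = refang(m["value"])

        if ioc_type == "domain":
            if not DOMAIN_RE.match(value):
                raise ValueError(f"invalid domain: {value!r}")
            host = value.lower()
        elif ioc_type == "url":
            parsed = urlparse(value)
            if parsed.scheme not in ("http", "https") or not parsed.hostname:
                raise ValueError(f"invalid URL: {value!r}")
            host = parsed.hostname.lower()
        elif ioc_type == "ip address":
            # ip_address() raises ValueError for anything that is not a literal IPv4/IPv6 address.
            host = str(ipaddress.ip_address(value))
        else:
            raise ValueError(f"unknown IOC type: {ioc_type!r}")

        records.append({"type": ioc_type, "value": value, "host": host})
    return records


def blocklist_hosts(records: list[dict]) -> list[str]:
    """Deduplicated, sorted hosts (domains, URL hostnames, IPs) ready for a blocklist."""
    return sorted({r["host"] for r in records})


if __name__ == "__main__":
    recs = parse_iocs(IOC_LINES)
    for r in recs:
        print(f"{r['type']:10} {r['value']}")
    print("blocklist:", blocklist_hosts(recs))
```

The URL entry is kept in full for proxy or EDR matching, but only its hostname (`vexio.io`) lands on the blocklist; a DNS sinkhole cannot act on a path, and the full URL should never be visited from an analyst workstation.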
Full Story: https://outpost24.com/blog/unmasking-encrypthub-chatgpt-partner-crime/