Over 600 organizations subjected to global EncryptHub attacks
SC Media | Brief | Threat Intelligence, Phishing, Malware
February 27, 2025
By SC Staff

At least 618 organizations around the world had their networks compromised by the EncryptHub threat actor, also known as Larva-208, in a social engineering and spear-phishing attack campaign that has been ongoing since June, according to BleepingComputer.

After leveraging SMS and voice phishing, as well as fraudulent login pages for Microsoft 365, Cisco AnyConnect, and other corporate VPN offerings to facilitate initial access, EncryptHub lured targets into installing AnyDesk, TeamViewer, and other remote monitoring and management software for lateral movement before utilizing PowerShell scripts that deliver the Rhadamanthys, Stealc, and Fickle Stealer information-stealing payloads, a report from PRODAFT revealed.

Aside from exfiltrating cryptocurrency wallet and VPN client configuration data, EncryptHub also sought to compromise password manager data and files with certain file extensions and keywords before deploying a custom PowerShell-based data encryptor. Further analysis showed the presence of the Larva-148 subgroup, from which EncryptHub may be obtaining its domains and phishing kits.
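The chain the brief describes (a remote management tool such as AnyDesk or TeamViewer appearing on a workstation, followed shortly by PowerShell activity on the same host) is one a defender can correlate from process-creation telemetry. The following is an added detection example; it is not code from SC Media, BleepingComputer or PRODAFT. The event line format, host names, user names, paths and timestamps are constructed for illustration, and the 30-minute window is an assumed tuning value.

```python
"""
Added example: correlate an RMM tool start with a later PowerShell start on
the same host. Not from the brief or from PRODAFT's report; the log format
and all sample values below are constructed.
"""
from datetime import datetime, timedelta

# Process names treated as remote monitoring and management tools (assumed list,
# extend to whatever RMM software is unexpected in your environment).
RMM_PROCESSES = {"anydesk.exe", "teamviewer.exe"}
POWERSHELL_PROCESSES = {"powershell.exe", "pwsh.exe"}

# Constructed process-creation events: "<ISO timestamp> <host> <user> <image path>".
SAMPLE_EVENTS = [
    r"2025-02-20T09:12:04 WS-014 alice C:\Users\alice\Downloads\AnyDesk.exe",
    r"2025-02-20T09:15:31 WS-014 alice C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    r"2025-02-20T10:02:10 WS-021 bob C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    r"2025-02-20T11:00:00 WS-030 carol C:\Program Files\TeamViewer\TeamViewer.exe",
    r"2025-02-20T13:30:00 WS-030 carol C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
]


def parse_event(line):
    """Split one constructed event line into its fields; the image path is the remainder."""
    ts, host, user, image = line.split(maxsplit=3)
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user, "image": image}


def process_name(image):
    """Return the lower-cased executable name from a Windows image path."""
    return image.rsplit("\\", 1)[-1].lower()


def find_rmm_then_powershell(lines, window_minutes=30):
    """Flag PowerShell starts that follow an RMM tool start on the same host
    within window_minutes. Returns one alert dict per matching PowerShell event."""
    window = timedelta(minutes=window_minutes)
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    last_rmm = {}  # host -> most recent RMM tool start seen so far
    alerts = []
    for event in events:
        name = process_name(event["image"])
        if name in RMM_PROCESSES:
            last_rmm[event["host"]] = (name, event)
        elif name in POWERSHELL_PROCESSES:
            prior = last_rmm.get(event["host"])
            if prior is None:
                continue  # PowerShell without a preceding RMM start on this host
            rmm_name, rmm_event = prior
            delay = event["ts"] - rmm_event["ts"]
            if delay <= window:
                alerts.append({
                    "host": event["host"],
                    "user": event["user"],
                    "rmm": rmm_name,
                    "delay_seconds": int(delay.total_seconds()),
                    "powershell_at": event["ts"].isoformat(),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_rmm_then_powershell(SAMPLE_EVENTS):
        print(alert)
```

With the constructed data, only WS-014 fires: PowerShell starts 207 seconds after AnyDesk. WS-021 runs PowerShell with no RMM tool beforehand, and WS-030's PowerShell start is two and a half hours after TeamViewer, outside the default window; widening the window to 180 minutes makes WS-030 fire as well. In practice the rule is a triage signal rather than a verdict, since administrators legitimately use both RMM tools and PowerShell, so the alert carries the user and delay to support that triage.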