EncryptHub, a financially motivated threat actor linked to ransomware groups, has been orchestrating complex phishing campaigns to deploy malware such as information stealers and ransomware. Common tactics include creating phishing sites to obtain VPN credentials, using smishing and vishing to deceive targets, and distributing trojanized applications. The group is known to leverage operational security errors and to exploit vulnerabilities in popular software. Its operations rely on third-party Pay-Per-Install services, alongside bulletproof hosting, to facilitate attacks on high-value individuals in various industries.
"EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions," Outpost24 KrakenLabs said in a new report shared with The Hacker News.
"The actor usually creates a phishing site that targets the organization to obtain the victim's VPN credentials," PRODAFT said. "The victim is then called and asked to enter the victim's details into the phishing site for technical issues, posing as an IT team or helpdesk."