Bleeping Computer reports that “EncryptHub,” a/k/a “Larva-208,” has been targeting organizations worldwide with spear-phishing and social engineering attacks:
According to a report by Prodaft, which was published internally last week and made public yesterday, since June 2024, when EncryptHub initiated operations, it has compromised at least 618 organizations.
After gaining access, the threat actors install Remote Monitoring and Management (RMM) software, followed by the deployment of information stealers like Stealc and Rhadamanthys. In many observed cases, EncryptHub also deploys ransomware on compromised systems.
Read more at Bleeping Computer.
