
Cyber News Rundown: 618 organizations compromised by EncryptHub threat group

  • February 28, 2025
  • Threat Research Analyst

In the 8 months since first appearing on the threat landscape, it is believed that the threat group operating under the name EncryptHub has successfully breached 618 organizations through the use of phishing and social engineering campaigns. The phishing tactics used by this group are unique in that the group impersonates various IT support groups to gain the trust of its victims, and owns dozens of domains that are very similar to the domains of the remote access tools used by legitimate support groups. After gaining access to these corporate networks, EncryptHub has been known to deploy infostealers to gather accessible data as well as to execute a range of ransomware variants, by potentially affiliating with groups like RansomHub and BlackSuit.

Anubis ransomware offers variety of services

Researchers have been tracking a relatively new ransomware group, Anubis, since late 2024 and have identified that the group offers a multitude of services for compromising organizations. In addition to the expected ransomware attacks, which give the affiliate the largest cut of any payments made by victims, Anubis also offers a data ransom service to assist with ransoming and publishing recently stolen data, though the affiliate cut is much lower. Finally, Anubis offers Access Monetization, which pays affiliates for access to newly breached organizations throughout the Western World that haven't been targeted by other ransomware groups within the past year.

LockBit threat actors threaten FBI with major leak

At the beginning of the week, the threat actors behind the notorious LockBit ransomware group issued a message to the newly appointed FBI director regarding the inevitable leak of highly classified information that had the potential to cause significant damage to the agency. The message, which was posted to the group’s leak site, instructs Director Kash Patel to contact the group and take delivery of a data trove that allegedly contains information on the agency’s shady dealings and operations.

Hacker publishes data trove from French telecom

Over the weekend, a hacker going by the alias ‘Rey’ published a large data trove that was exfiltrated from the French telecommunications firm Orange Group. The hacker claimed to have maintained access to Orange’s systems for nearly a month before starting the exfiltration process, which included employee and customer information, payment card data, and source code. Officials for Orange Group are still investigating this incident, but have confirmed that they were breached and don't appear to be entering negotiations with the hacker.

Employment screening firm suffers massive breach

Nearly a year after staff at DISA Global Solutions discovered some unauthorized activity on their network, officials have confirmed that they fell victim to a data breach that affects 3.3 million individuals who used their employment screening services. The breach was identified in April of 2024, but the investigation has revealed that the threat actors had access for nearly 3 months before being detected, leading to major concerns over the security procedures that DISA had in place, considering the sensitivity of the information that they gather and store.


3 replies

Jasper_The_Rasper
Moderator

Thank you for the post ​@ConnorM 


ProTruckDriver
Moderator

Thank you ​@ConnorM 😎


TripleHelix
Moderator
  • March 1, 2025

Thanks ​@ConnorM 😎

