EncryptHub breaches 618 orgs to deploy infostealers, ransomware

EncryptHub, also known as Larva-208, has compromised at least 618 organizations since June 2024 using spear-phishing and social engineering attacks. The threat actor deploys RMM software, infostealers, and ransomware, including a custom PowerShell encryptor, to steal data and encrypt files. EncryptHub is affiliated with RansomHub and BlackSuit, often deploying their ransomware encryptors.
