‘EncryptHub’ OPSEC Failures Reveal TTPs & Big Plans
Researchers from Outpost24 uncovered operational security (OPSEC) failures and straightforward tactics used by the cybercriminal “EncryptHub,” challenging the notion that the actor is a sophisticated threat. EncryptHub, known for ransomware attacks, may be shifting to selling initial access to ransomware groups. The threat actor’s new remote access program, “EncryptRAT,” could be commercialized, suggesting a potential move towards tool development and exploit creation.