Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

Russian hacking group Water Gamayun (aka EncryptHub) is exploiting a Windows vulnerability to deploy two new backdoors: SilentPrism and DarkWisp. Using malicious installer files disguised as legitimate software, the group also distributes Rhadamanthys Stealer and custom EncryptHub Stealer variants that collect system information, passwords, and cryptocurrency data. It employs sophisticated techniques such as using IntelliJ's runnerw.exe to execute malicious scripts, and has recently moved from GitHub to its own infrastructure for command-and-control operations.
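As an added detection example (not from the report above), the check below flags the runnerw.exe abuse mentioned in the summary: a JetBrains process wrapper spawning a script host from outside the IDE's install directory, or with hidden-window or execution-policy-bypass arguments. The Sysmon-style field names, the trusted install root and the sample events are all constructed assumptions.

```python
from pathlib import PureWindowsPath

# Script hosts a dropped runnerw.exe would typically be used to launch (assumption).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Where a legitimate runnerw.exe lives; assumption, adjust to your IDE install root.
TRUSTED_PARENT_DIRS = (r"c:\program files\jetbrains" + "\\",)
# Coarse command-line tokens that rarely appear in a real IDE run configuration.
FLAGGED_TOKENS = ("-enc", "-encodedcommand", "-windowstyle hidden", "bypass")


def is_suspicious(event: dict) -> bool:
    """True when runnerw.exe launches a script host from an untrusted path or with flagged args."""
    parent = PureWindowsPath(event.get("ParentImage", ""))
    child = PureWindowsPath(event.get("Image", ""))
    if parent.name.lower() != "runnerw.exe":
        return False
    if child.name.lower() not in SCRIPT_HOSTS:
        return False
    in_trusted_dir = str(parent).lower().startswith(TRUSTED_PARENT_DIRS)
    cmdline = event.get("CommandLine", "").lower()
    flagged_args = any(tok in cmdline for tok in FLAGGED_TOKENS)
    # A wrapper copied out of the IDE tree is the strongest signal; flagged args catch the rest.
    return (not in_trusted_dir) or flagged_args


def scan(events: list[dict]) -> list[int]:
    """Return the ProcessId of every process-creation event that trips the check."""
    return [ev["ProcessId"] for ev in events if is_suspicious(ev)]


# Constructed Sysmon-style process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "ParentImage": r"C:\Program Files\JetBrains\IntelliJ IDEA 2024.3\bin\runnerw.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c gradlew.bat build"},
    {"ProcessId": 5532, "ParentImage": r"C:\Users\alice\AppData\Local\Temp\runnerw.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -ep bypass -f stage.ps1"},
    {"ProcessId": 5877, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "CommandLine": "powershell.exe"},
    {"ProcessId": 6001, "ParentImage": r"C:\Program Files\JetBrains\IntelliJ IDEA 2024.3\bin\runnerw.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -WindowStyle Hidden -enc AAAA"},
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))  # → [5532, 6001]
```

The first event (the IDE's own wrapper running a build script) is the legitimate baseline the check must not flag; the other two hits differ from it only in path or arguments.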
