Outpost24 Research on Multi-Stage EncryptHub Malware Campaign
Outpost24’s KrakenLabs has released research on a new EncryptHub multi-stage malware campaign.
While previous reports have begun to shed light on the operation of this rising criminal entity, Outpost24’s KrakenLabs investigation has gone a step further, uncovering previously unseen aspects of their infrastructure, tooling, and behavioral patterns.
Through a series of operational security (OPSEC) missteps, EncryptHub inadvertently exposed critical elements of its ecosystem, allowing Outpost24 to map their tactics with unprecedented depth.
Their lapses include directory listing enabled on key infrastructure components, hosting stealer logs alongside malware executables and PowerShell scripts, and revealing Telegram bot configurations used for data exfiltration and campaign tracking.
These mistakes provided a unique vantage point into their operations, enabling Outpost24’s researchers to dissect their attack chain and methodologies in ways that have not yet been publicly detailed.
You can read the research here.
April 3, 2025 at 11:36 am
[…] who has been gaining popularity in recent months and is heavily expanding and evolving operations. Part 1 covered EncryptHub’s campaigns and TTPs, infrastructure, infection methods, and […]