Today Outpost24’s KrakenLabs published Part 2 of its investigation into EncryptHub, an up-and-coming cybercriminal who has been gaining popularity in recent months and is heavily expanding and evolving operations. Part 1 covered EncryptHub’s campaigns and TTPs, infrastructure, infection methods, and targets.
In Part 2, “Unmasking EncryptHub: help from ChatGPT & OPSEC blunders”, the researchers explore:
- EncryptHub’s last decade online, with a particular focus on his one-year-old foray into cybercrime
- OPSEC mistakes EncryptHub made along the way, including the reuse of passwords and the use of personal email accounts and usernames to register and manage several assets tied to his criminal activities
- His heavy reliance on ChatGPT and a few key errors which led to his unmasking
- His most notable ‘developer-related’ mistake: poor access management on his C2 server, which left confidential parts of the server exposed with directory listing enabled, accessible to anyone without authentication
The researchers hope to reveal a human image beyond the amorphous dark entity that the generic tag of ‘Threat Actor’ usually gives.
This entry was posted on April 3, 2025 at 11:36 am and is filed under Commentary with tags Outpost24. You can follow any responses to this entry through the RSS 2.0 feed.
Outpost24 Research (Part 2): Unmasking EncryptHub – Help from ChatGPT & OPSEC blunder