EncryptHub’s Global Cyberattacks: How Social Engineering Enables Spear-Phishing & Ransomware

Justine Garrett
Product Marketing Manager

Cybercriminals are no longer relying on brute-force attacks to breach corporate networks. Instead, they’re exploiting human vulnerabilities through phishing, social engineering, and credential theft to gain direct access to corporate systems.

One of the most concerning threats today comes from EncryptHub (also known as LARVA-208), a sophisticated cybercriminal group that has breached at least 618 organizations worldwide. Their attack methods rely on OSINT (Open-Source Intelligence) techniques to gather employee contact details, launch SMS phishing (smishing) and voice phishing (vishing), and deploy fake corporate login pages to steal credentials. Once inside a corporate network, they install infostealers, remote access software, and ransomware, causing massive financial and reputational damage.

For Fortune 500 security leaders and IT professionals, this attack serves as a critical warning. If employee credentials are exposed, attackers can impersonate users, deceive colleagues, and infiltrate corporate systems without needing to breach traditional cybersecurity defenses.

How EncryptHub Uses Phishing & Social Engineering to Breach Organizations

Step 1: OSINT – Gathering Employee Data for Targeted Attacks

Before launching an attack, EncryptHub conducts extensive research on employees with access to critical systems. Using publicly available information (OSINT), they collect:

  • Corporate & personal email addresses
  • Phone numbers & social media profiles
  • Job titles, internal contacts, and company structures
  • Public speaking engagements or travel schedules

This data is often purchased from data brokers or scraped from LinkedIn, company websites, and past data breaches. The more information attackers have, the more convincing their phishing attempts become.

Step 2: Targeted Spear-Phishing & Social Engineering Attacks

With stolen employee data, EncryptHub tailors highly believable phishing campaigns using:

  • Smishing: Employees receive fake texts claiming a security issue with their VPN, Microsoft 365, or payroll account, leading them to a malicious login page.
  • Vishing: Attackers impersonate corporate security or IT staff, claiming there’s a login issue and directing employees to enter credentials on a fake corporate portal.
  • Fake Login Pages: EncryptHub has registered over 70 phishing domains, mimicking platforms like Cisco AnyConnect (VPN), Palo Alto GlobalProtect (VPN), Microsoft 365 (Email & Docs), and Fortinet VPN (Corporate Access).

Once employees enter their credentials, EncryptHub captures login details in real time—even intercepting multi-factor authentication (MFA) tokens to bypass security controls.

Step 3: Exploiting Stolen Credentials to Infiltrate Networks

Once inside corporate systems, EncryptHub:

  • Logs in to corporate accounts to steal sensitive data
  • Uses stolen credentials to infiltrate financial systems and conduct unauthorized transactions
  • Deploys Remote Monitoring & Management (RMM) tools like AnyDesk & TeamViewer to establish long-term access

EncryptHub leverages stolen employee credentials to escalate privileges within an organization. Because emails and messages appear to come from real users, IT and finance teams are often unaware of the compromise until damage is done.
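One check a defender can run against the RMM persistence described in this step: flag launches of the tools named above (AnyDesk, TeamViewer) that come from user-writable folders, from users who are not approved RMM operators, or from a mail client or browser. This is an added example, not code from the post or from any vendor; the key=value process-creation log format, the sample events, the executable names and the approved-user list are all constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumed executable names for the RMM tools named in the post.
RMM_BINARIES = {"anydesk.exe", "teamviewer.exe", "teamviewer_service.exe"}
# Assumed folders a managed, IT-deployed RMM install would not run from.
SUSPICIOUS_DIRS = ("appdata\\local\\temp", "downloads", "public")
# Parents that suggest a user-initiated download rather than an IT rollout.
DELIVERY_PARENTS = {"outlook.exe", "chrome.exe", "msedge.exe"}

LINE_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Parse a constructed 'key=value key="quoted value"' process-creation event."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in LINE_RE.finditer(line)}

def is_unexpected_rmm(event, it_users):
    """Return a reason string when an RMM launch looks unmanaged, else None."""
    image = event.get("image", "")
    if PureWindowsPath(image).name.lower() not in RMM_BINARIES:
        return None
    reasons = []
    if any(d in image.lower() for d in SUSPICIOUS_DIRS):
        reasons.append("launched from a user-writable directory")
    if event.get("user", "").lower() not in it_users:
        reasons.append("user is not an approved RMM operator")
    if event.get("parent", "").lower() in DELIVERY_PARENTS:
        reasons.append("spawned by " + event["parent"])
    return "; ".join(reasons) if reasons else None

def find_unexpected_rmm(lines, it_users):
    """Scan log lines and return (ts, host, user, reason) tuples worth alerting on."""
    it_users = {u.lower() for u in it_users}
    alerts = []
    for line in lines:
        ev = parse_event(line)
        reason = is_unexpected_rmm(ev, it_users)
        if reason:
            alerts.append((ev.get("ts"), ev.get("host"), ev.get("user"), reason))
    return alerts

# Constructed sample events: two unmanaged launches, one benign process, one IT-managed service.
SAMPLE_EVENTS = [
    r'ts=2025-03-01T09:12:04Z host=WS-0417 user=jdoe parent=chrome.exe image="C:\Users\jdoe\Downloads\AnyDesk.exe"',
    r'ts=2025-03-01T09:30:11Z host=WS-0417 user=jdoe parent=explorer.exe image="C:\Windows\System32\notepad.exe"',
    r'ts=2025-03-01T10:02:45Z host=SRV-HELPDESK01 user=svc-helpdesk parent=services.exe image="C:\Program Files\TeamViewer\TeamViewer_Service.exe"',
    r'ts=2025-03-01T11:47:20Z host=FIN-LAPTOP-22 user=mlee parent=outlook.exe image="C:\Users\mlee\AppData\Local\Temp\TeamViewer.exe"',
]

if __name__ == "__main__":
    for alert in find_unexpected_rmm(SAMPLE_EVENTS, {"svc-helpdesk"}):
        print(alert)
```

The approved-operator set and the "managed install" paths are the knobs to tune to your own RMM rollout; a TeamViewer service started by `services.exe` from Program Files under the helpdesk account is deliberately left unflagged.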

Step 4: Deploying Malware & Ransomware

Once access is secured, EncryptHub:

  • Steals credentials from password managers like 1Password, Bitwarden, and LastPass
  • Extracts VPN configuration files to bypass security protocols
  • Deploys infostealers & spyware to extract financial documents and cryptocurrency wallets
  • Activates ransomware encryption to lock files and demand ransom payments via Telegram

Why Phishing Protection Is Essential to Stopping These Attacks

The EncryptHub cyberattacks prove that no security system is foolproof if employees are tricked into revealing credentials. Attackers are no longer just targeting IT systems—they are exploiting human behavior to bypass cybersecurity defenses.

Key Risks of Phishing Attacks in Corporate Security:

  • Employees with privileged access are prime cyberattack targets.
  • Social engineering bypasses traditional cybersecurity protections.
  • A single compromised account can lead to a company-wide breach.

How Fortune 500 Companies Can Protect Their Employees & Systems

Remove Employee Data from Public Sources (OSINT Cleanup)

  • Scrub personal contact details from data broker sites
  • Limit public exposure on LinkedIn & corporate websites
  • Monitor for stolen credentials on the dark web

Implement Phishing-Resistant Security Measures

  • Use physical security keys (YubiKey, Titan) instead of SMS-based MFA
  • Set up real-time login alerts for privileged accounts
  • Deploy AI-based email filtering to detect phishing attempts

Strengthen Authentication & Transaction Approval Processes

  • Require secondary verification (secure video calls) for high-risk transactions
  • Implement AI-driven anomaly detection for suspicious transfers
  • Restrict VPN access to pre-approved devices

Train Employees & Security Teams on Social Engineering Threats

  • Simulate phishing attacks regularly to test security awareness
  • Train employees on identifying fake login pages and voice phishing attempts
  • Establish a strict internal protocol for verifying financial transactions

Final Thoughts: Phishing & Social Engineering Are Cybersecurity’s Biggest Blind Spots

The EncryptHub cyberattacks demonstrate that credential theft through phishing remains one of the most effective cybercrime tactics. Attackers don’t need to break into networks when employees unknowingly provide access.

For Fortune 500 companies, financial institutions, and global enterprises, preventing social engineering attacks must be a top cybersecurity priority. By implementing phishing-resistant authentication, continuous monitoring, and strong employee training, organizations can eliminate their biggest security blind spot and prevent the next high-profile breach.

Protect Your Executive Identity with Nexanet

Cybercriminals exploit human vulnerabilities to bypass security systems. Nexanet provides advanced phishing protection and credential security solutions to help Fortune 500 companies and financial institutions defend against social engineering attacks.
