A hacker known as EncryptHub has received recognition from Microsoft for revealing two vulnerabilities in Windows. This individual, assessed as a lone wolf actor, has a complex background in cybersecurity and cybercrime.

Recent analysis from Outpost24 KrakenLabs highlighted EncryptHub’s profile, revealing that approximately ten years ago, he left Kharkov, Ukraine, and relocated near the Romanian coast. Following his disclosures, Microsoft credited a party named "SkorikARI," recognized as an alias of EncryptHub, for discovering security issues including:

• CVE-2025-24061 (CVSS score: 7.8) – A security feature bypass vulnerability within Microsoft Windows Mark-of-the-Web.
• CVE-2025-24071 (CVSS score: 6.5) – A spoofing vulnerability in Microsoft Windows File Explorer.

In mid-2024, EncryptHub gained notoriety for distributing various malware types via a falsified WinRAR site and a GitHub repository named "encrypthub." His technical activities have shifted over time, including utilizing a Microsoft Management Console zero-day vulnerability to deploy information stealers and backdoors called SilentPrism and DarkWisp.

Since March 2024, EncryptHub has been implicated in compromising over 618 high-value targets across diverse industries. Lidia Lopez, a Senior Threat Intelligence Analyst at Outpost24, stated that their investigation indicates these activities stem from a single individual, although there’s a hint of possible collaboration given the presence of another user in one of the Telegram channels with administrative rights.

While the actor kept a low profile and studied computer science online after moving, his exploits were notably interrupted in early 2022 when hostilities related to the Russo-Ukrainian war began. It’s suggested that he could have been jailed during this period. Following his release, he attempted a legitimate career in web and app development services, but the low pay likely pushed him toward cybercrime by mid-2024.

EncryptHub’s early foray into cybercrime included the creation of Fickle Stealer, a Rust-based malware. Through self-infections due to poor operational security, researchers were able to uncover more details about his digital activities.

Notably, EncryptHub has leveraged technology like OpenAI’s ChatGPT to enhance his cybercriminal endeavors, employing it for malware development and operational tasks. Despite the sophistication of his technical skills, fundamental mistakes in operational security ultimately led to his exposure.

Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.