
Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Spread Fickle Stealer Malware

  • 4 days ago
  • 2 min read

Updated: 2 days ago

A hacker group known in the cybersecurity world as "EncryptHub," entirely driven by financial gain, continues to infiltrate corporate networks by exploiting a security vulnerability in Microsoft Windows systems. Combining technical manipulation with the power of persuasion (social engineering), this gang aims to infect companies' internal networks with malware that steals sensitive data from devices.



The most striking aspect of the attack is that the hackers target company employees directly. Disguising themselves as someone from the organization's "Information Technology (IT)" department, the attackers reach out to victims via Microsoft Teams and request a remote connection. They then upload two different files with the same name to the system, one malicious and the other appearing completely innocent. The moment the employee opens the file they believe to be harmless, a hidden vulnerability in the system is triggered, and the actual spyware silently activates in the background, taking control of the device.
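A defender-side hunt for the same-name file pair described above, as an added example that is not part of the original article: it walks the given directories, groups `.msc` files by name, and reports names that occur with differing contents. The `.msc` extension is inferred from the vulnerability's name in the title, and the function names and scan roots are assumptions.

```python
import hashlib
import os
import sys
from collections import defaultdict


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_msc_twins(roots):
    """Return {lowercased name: [(path, sha256), ...]} for .msc file names that
    appear in more than one place with different content."""
    by_name = defaultdict(list)
    seen = set()
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not name.lower().endswith(".msc"):
                    continue
                full = os.path.realpath(os.path.join(dirpath, name))
                if full in seen:      # overlapping roots: count each file once
                    continue
                seen.add(full)
                try:
                    by_name[name.lower()].append((full, sha256_of(full)))
                except OSError:
                    continue          # unreadable file: skip rather than abort
    twins = {}
    for name, entries in by_name.items():
        # Identical copies share one digest; only differing content is reported.
        if len({digest for _path, digest in entries}) > 1:
            twins[name] = sorted(entries)
    return twins


if __name__ == "__main__":
    # Hits are leads to triage, not verdicts: legitimate localized copies of a
    # console file may exist alongside the original.
    for name, entries in find_msc_twins(sys.argv[1:] or ["."]).items():
        print(name)
        for path, digest in entries:
            print(f"  {digest[:16]}  {path}")
```

Run it over user-writable locations and the system directories together, then compare any reported pair against a known-good baseline.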


Placing great importance on stealth, this group uses highly cunning methods to evade security systems. To hide their malicious files, they exploit legitimate support platforms and infiltrate devices through fake video conferencing applications. Furthermore, while transferring the captured data to their own servers, they manage to cover their tracks by creating fake internet traffic in the background, making it appear as though they are browsing popular websites, in order to avoid drawing the attention of cybersecurity experts.


Some of the precautions we need to take to protect against these types of attacks include:

  • Do not open emails from untrusted sources.

  • Use multi-factor authentication (MFA).

  • Keep your system updated to the latest version at all times.

  • Monitor login logs regularly.

  • Track the security of mobile devices.


For detailed information, you can reach out to our experts at info@zerosecond.ae

 
 
 
