Summary: The threat actor EncryptHub has been connected to SkorikARI after self-infection led to exposure of credentials, allowing researchers to track both cybercriminal and security research activities. The exposed credentials revealed links to Windows zero-day vulnerabilities that EncryptHub reportedly disclosed to Microsoft. This duality of identity reflects a complex individual straddling the line between malware development and ethical research.
Affected: Microsoft, 618 organizations
Key points:
- EncryptHub linked to the disclosure of two Windows zero-days, CVE-2025-24061 and CVE-2025-24071.
- Connection to SkorikARI confirmed through credential exposure and multiple pieces of evidence.
- EncryptHub’s activities span both freelance development and cybercrime, and reveal poor operational security practices.