What’s new: A Russian hacking group known as EncryptHub is exploiting the MSC EvilTwin vulnerability (CVE-2025-26633) in Microsoft Windows to deploy Fickle Stealer malware. The campaign combines social engineering with technical exploitation, using rogue Microsoft Management Console (.msc) files to trigger infections. The group has been active since mid-2024 and uses a range of lures, including fake job offers and compromised gaming platforms, to deliver the malware.
Who’s affected
Organizations running Microsoft Windows systems that have not been patched against CVE-2025-26633 are at risk. The threat actor reaches internal environments through social engineering combined with technical exploitation.
What to do
- Ensure that all systems are updated with the latest security patches, particularly those addressing CVE-2025-26633.
- Implement user awareness training to recognize social engineering tactics, especially related to unsolicited requests via platforms like Microsoft Teams.
- Monitor network traffic for unusual activity that may indicate malware communication with command-and-control servers.
- Consider employing layered security measures, including endpoint protection and threat intelligence solutions.
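As an added example that is not part of the original advisory, the following Python filter runs over constructed process-creation log lines and flags cases where mmc.exe opens a .msc console file from a user-writable location, which is the kind of host-side signal that complements the network monitoring above. The `Key=Value` log format, the sample events and the list of "user-writable" path markers are assumptions for illustration, not telemetry from this campaign.

```python
import re

# Constructed sample process-creation events (illustrative, not real telemetry).
SAMPLE_EVENTS = [
    r'Image=C:\Windows\System32\mmc.exe CommandLine="mmc.exe C:\Windows\System32\services.msc" User=CORP\alice',
    r'Image=C:\Windows\System32\mmc.exe CommandLine="mmc.exe C:\Users\alice\AppData\Local\Temp\Invoice.msc" User=CORP\alice',
    r'Image=C:\Windows\System32\mmc.exe CommandLine="mmc.exe C:\Users\bob\Downloads\JobOffer.msc" User=CORP\bob',
    r'Image=C:\Windows\explorer.exe CommandLine="explorer.exe" User=CORP\bob',
]

# Path fragments where an ordinary user (or a phishing lure) can drop files.
# Assumption: administrators normally open consoles from System32, so a .msc
# launched from one of these locations deserves a closer look.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\", "\\downloads\\", "\\public\\")

_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # Key=Value or Key="quoted value"
_MSC_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.msc)\b', re.IGNORECASE)  # first .msc path in a command line


def parse_event(line):
    """Split one log line into a dict of fields, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in _FIELD_RE.findall(line)}


def msc_path(event):
    """Return the .msc path passed to the process, or None if there is none."""
    match = _MSC_RE.search(event.get("CommandLine", ""))
    return match.group(1) if match else None


def is_suspicious_msc_launch(event):
    """True when mmc.exe is launched with a .msc file from a user-writable path."""
    if not event.get("Image", "").lower().endswith("\\mmc.exe"):
        return False
    path = msc_path(event)
    if path is None:
        return False
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def find_suspicious(lines):
    """Return the .msc paths of every suspicious launch in the given log lines."""
    return [msc_path(ev) for ev in map(parse_event, lines) if is_suspicious_msc_launch(ev)]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print("suspicious console file:", hit)
```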