Microsoft Acknowledges EncryptHub for Reporting Windows Vulnerabilities
- Jhade
- 1 day ago
Updated: 20 hours ago

Microsoft has publicly credited the hacker known as EncryptHub for identifying and reporting two security vulnerabilities in the Windows operating system. This recognition sheds light on an individual whose activities blur the lines between ethical cybersecurity research and cybercriminal endeavors.
Vulnerabilities Reported
According to an analysis by Outpost24 KrakenLabs, EncryptHub is believed to be a lone actor who relocated from Kharkov, Ukraine, to an area near the Romanian coast approximately a decade ago. Operating under various aliases, including "SkorikARI," EncryptHub reported the following vulnerabilities, which Microsoft addressed in its March Patch Tuesday release:
- CVE-2025-24061: A Mark-of-the-Web (MotW) security feature bypass vulnerability with a CVSS score of 7.8.
- CVE-2025-24071: A File Explorer spoofing vulnerability with a CVSS score of 6.5.
Despite these contributions to Microsoft's security, EncryptHub has a history of cybercriminal activities. In mid-2024, the hacker was linked to a campaign distributing malware through a counterfeit WinRAR website. More recently, EncryptHub exploited a zero-day vulnerability in the Microsoft Management Console (CVE-2025-26633) to deploy information stealers and backdoors, such as SilentPrism and DarkWisp.
Security firm PRODAFT estimates that EncryptHub has compromised over 618 high-value targets across various industries within a nine-month period. Outpost24's investigation suggests that these operations are likely the work of a single individual, though potential collaborations cannot be entirely dismissed.
The hacker's trajectory includes a period of inactivity around early 2022, coinciding with the onset of the Russo-Ukrainian war and possible incarceration. Following release, EncryptHub attempted to establish a legitimate career in web and app development, even participating in bug bounty programs. However, limited success in these areas appears to have led to a pivot back to cybercriminal activities by mid-2024.
This complex blend of legitimate security research and illicit hacking underscores the challenges in distinguishing between ethical and malicious activities within the cybersecurity landscape.