The adversary identified as EncryptHub took advantage of a newly-fixed security flaw in Microsoft Windows, classifying it as a zero-day to deploy various malware groups, encompassing backdoors and data exfiltrators like Rhadamanthys and StealC.
“In this incursion, the threat actor exploits .msc files and the Multilingual User Interface Path (MUIPath) to retrieve and run harmful payloads,”