
Russian Threat Group EncryptHub Exploits Microsoft MMC Vulnerability to Deliver Fickle Stealer Malware
The Russian threat group EncryptHub has been observed exploiting a patched vulnerability in Microsoft Windows, specifically within the Microsoft Management Console (MMC), identified as CVE-2025-26633 (also known as MSC EvilTwin). The campaign combines social engineering with exploitation of this vulnerability to deliver the Fickle Stealer malware. The MMC vulnerability allows attackers to execute malicious code by abusing flaws in how MMC handles certain files or configurations. Once exploited, the attackers can install Fickle Stealer, a malware designed to steal sensitive information such as credentials and financial data.

The technical implications of this campaign are significant: it highlights the ongoing threat posed by advanced persistent threats (APTs) and the critical importance of timely patch management. Organizations running affected versions of Windows are at risk of data breaches and financial losses.

Mitigation strategies include ensuring all systems are updated with the latest security patches, educating users about phishing and social engineering attacks, and implementing robust endpoint protection solutions. This incident underscores the need for proactive threat intelligence, layered security measures, and comprehensive incident response planning. Cybersecurity professionals should prioritize patching this vulnerability and strengthening their security posture to defend against such advanced threats.