The Rise and Fall of EncryptHub: A White Hat Hacker's Dark Turn



A complex story of cybersecurity talent gone astray has emerged as Microsoft credited the notorious threat actor EncryptHub for reporting two Windows security vulnerabilities, while evidence of his criminal activities continues to surface.

According to research by Outpost24 KrakenLabs, EncryptHub, also known as SkorikARI, is a Ukrainian-born individual who relocated near Romania after fleeing his hometown. Following a period of IT work and independent study, his activities went dark in 2022, possibly due to incarceration.

Upon resuming work in 2024, financial struggles apparently led him down a darker path. He became involved in cybercrime operations, starting with vishing and ransomware before advancing to sophisticated malware development and vulnerability research.

In an unexpected turn, Microsoft acknowledged EncryptHub for responsibly disclosing two security flaws: CVE-2025-24061, affecting Windows Mark-of-the-Web, and CVE-2025-24071, a Windows File Explorer vulnerability. Both issues were patched in the March 2025 security updates.

However, EncryptHub's criminal activities overshadow his legitimate security work. He recently exploited a Microsoft Management Console zero-day vulnerability (CVE-2025-26633) to deploy malicious software including SilentPrism and DarkWisp backdoors.

Despite his technical prowess, EncryptHub made basic security mistakes that exposed his operations. These included password reuse, inadequate two-factor authentication, and poor server security. His casual approach to operational security allowed investigators to unmask his identity and infiltrate his criminal networks.

Perhaps most remarkably, EncryptHub used ChatGPT as a confidant, discussing his hacking achievements and seeking career advice while weighing the balance between legitimate and criminal pursuits. He now appears to be leveraging his notoriety to establish a controversial security brand through aggressive campaigns.

The case serves as a reminder that even skilled hackers can be undone by neglecting basic security practices, while highlighting the ongoing challenge of talented individuals choosing between ethical and criminal applications of their expertise.