In a surprising turn of events, Microsoft has officially credited EncryptHub, a notorious cybercriminal allegedly responsible for over 618 high-profile data breaches, for responsibly disclosing two major vulnerabilities in Windows.
The hacker, operating under various aliases including SkorikARI, LARVA-208, and Water Gamayun, has been described by experts as a "conflicted individual" — caught between a legitimate passion for cybersecurity and a dark trail of cybercrime.
Microsoft Patch Tuesday Acknowledges Flaws Found by EncryptHub
As part of its March Patch Tuesday rollout, Microsoft patched two severe Windows vulnerabilities reported by the individual:
CVE-2025-24061 (CVSS 7.8): Mark-of-the-Web (MotW) Security Feature Bypass
CVE-2025-24071 (CVSS 6.5): File Explorer Spoofing Vulnerability
These flaws were submitted by someone using the handle "SkorikARI with SkorikARI," which cybersecurity analysts have confirmed links directly to EncryptHub.
Who Is EncryptHub? Lone Actor or Part of a Cybercrime Network?
According to a detailed investigation by Outpost24’s KrakenLabs, EncryptHub appears to be a lone wolf hacker who originally fled Kharkov, Ukraine, a decade ago and settled near the Romanian coast.
While operating covertly for years, EncryptHub has now come into the limelight due to both their ethical disclosures and malicious exploits.
Outpost24’s Senior Threat Intelligence Analyst, Lidia Lopez, commented:
From Bug Bounties to Malware Campaigns: The Rise of EncryptHub
EncryptHub first gained public notoriety in mid-2024 through a fake WinRAR site designed to deliver malware hosted on GitHub. This marked a pivot from failed attempts at bug bounties and freelance work toward a career in cybercrime.
Key malware tools tied to EncryptHub include:
Fickle Stealer: A Rust-based info-stealer malware
EncryptRAT: A custom remote access tool
SilentPrism and DarkWisp: Newly identified backdoors used in targeted attacks
MSC EvilTwin (CVE-2025-26633): A Microsoft Management Console exploit used to deploy info-stealers
In fact, Fortinet’s FortiGuard Labs first reported on Fickle Stealer in June 2024, highlighting its ability to bypass advanced corporate antivirus solutions.
The Human Side of a Hacker: Jail, Freelancing, and GPT-4 Confessions
EncryptHub’s digital trail reveals a surprisingly personal story. The hacker disappeared in early 2022, coinciding with the start of the Russo-Ukrainian war, and evidence suggests they were incarcerated during this time.
After release, the individual tried to rebuild a legal career, offering freelance web and app development services online. But with limited success and income, they allegedly returned to cybercrime by early 2024.
Perhaps most notably, the actor made heavy use of OpenAI’s ChatGPT, leveraging the tool not only for malware coding assistance and email translation, but also for personal reflection.
Final Thoughts: Dual Identity of a Cyber Talent
The case of EncryptHub is a striking example of a dual identity in the cybersecurity world — someone capable of both securing systems and breaking into them.
With Microsoft acknowledging these contributions, the line between black-hat and white-hat grows blurrier. But one thing remains clear: in the age of AI-driven malware and widespread breaches, even the most dangerous adversaries may be key to improving global cybersecurity.