Larva-208

Also known as: EncryptHub, Larva-208

LARVA-208 is a financially motivated threat actor employing sophisticated phishing campaigns to harvest credentials and deploy ransomware. The actor uses multiple tactics, including Open URL Redirection, fake login pages, and social engineering, to bypass MFA and gain access to corporate networks. LARVA-208 has compromised over 618 organizations since June 2024, often deploying ransomware payloads. The threat actor is linked to LARVA-148, a threat actor managing domain acquisitions and attacks.

Introduction

LARVA-208 is a financially motivated threat actor employing sophisticated phishing campaigns to harvest credentials and deploy ransomware. The actor uses multiple tactics, including Open URL Redirection, fake login pages, and social engineering, to bypass MFA and gain access to corporate networks. LARVA-208 has compromised over 618 organizations since June 2024, often deploying ransomware payloads. The threat actor is linked to LARVA-148, a threat actor managing domain acquisitions and attacks.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

Information pending cataloguing.

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.