Around the World in 90 Days: State-Sponsored Actors Try ClickFix

2025-04-17, Proofpoint
https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix
#ClickFix #QuasarRAT #TA427

Key Findings
- Although ClickFix is primarily a technique affiliated with cybercriminal actors, Proofpoint researchers discovered state-sponsored actors using the ClickFix social engineering technique in multiple campaigns for the first time.
- Over only a three-month period from late 2024 through the beginning of 2025, groups from North Korea, Iran, and Russia were all seen using the ClickFix technique in their routine activity.
- The incorporation of ClickFix is not revolutionizing the campaigns carried out by TA427, TA450, UNK_RemoteRogue, and TA422 but instead is replacing the installation and execution stages in existing infection chains.
- Although use is currently limited to a few state-sponsored groups, the increasing popularity of ClickFix in cybercrime over the last year, as well as in espionage campaigns in recent months, suggests the technique will likely become more widely tested or adopted by state-sponsored actors.

Overview

A major trend in the threat landscape is the fluidity of tactics, techniques, and procedures (TTPs). Threat actors share, copy, …