216.73.216.86

Around the World in 90 Days: State-Sponsored Actors Try ClickFix

· Published 17/04/2025 14:57 · Modified 17/04/2025 16:08

Export JSON

Essential information

Published
17/04/2025 14:57
Modified
17/04/2025 16:08
Tags
2025-04-17 clickfix level metasploit quasarrat
Related entities
7 techniques (mitre), 4 malware, 10 others

Description

Multiple state-sponsored threat actors from North Korea, Iran, and Russia have been observed adopting the social engineering technique, previously associated with cybercriminal activities. Over a three-month period from late 2024 to early 2025, groups such as TA427, TA450, UNK_RemoteRogue, and TA422 incorporated into their existing infection chains. The technique involves using dialogue boxes with instructions for targets to copy, paste, and run malicious commands on their machines. While the adoption of hasn't revolutionized these groups' campaigns, it has replaced installation and execution stages in their existing processes. This trend highlights the fluidity of tactics among threat actors and the potential for wider adoption of by other state-sponsored groups in the future.

External references