Home / Jul 18, 2026 / Story
0
#10 Ars Technica Security general July 16, 2026 at 19:28 UTC

Now, even Russia's most elite hackers are using Clickfix to infect devices

By Dan Goodin

AI Summary

Russia's most sophisticated state-sponsored threat actors, including Sandworm, have adopted the ClickFix social engineering technique — previously used almost exclusively by financially motivated criminals — to trick victims into pasting malicious PowerShell commands disguised as CAPTCHA verification. The adoption of this commodity technique by elite APT groups significantly broadens the threat landscape and signals that ClickFix-based delivery chains will become increasingly common in high-stakes espionage campaigns.

Relevance score: 81.0/100

# More from July 18