#10
Ars Technica Security
general
July 16, 2026 at 19:28 UTC
Now, even Russia's most elite hackers are using Clickfix to infect devices
By Dan Goodin
AI Summary
Russia's most sophisticated state-sponsored threat actors, including Sandworm, have adopted the ClickFix social engineering technique — previously used almost exclusively by financially motivated criminals — to trick victims into pasting malicious PowerShell commands disguised as CAPTCHA verification. The adoption of this commodity technique by elite APT groups significantly broadens the threat landscape and signals that ClickFix-based delivery chains will become increasingly common in high-stakes espionage campaigns.
Relevance score: 81.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →