Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025.
The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater),
State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
