ClickFix - DPRK Threat Intelligence

#ClickFix

General

2025-01-16 • Lazarus APT: Techniques for Hunting Contagious Interview

32

Tagged Reports
24

Unique Authors
467

Active Days

Tagged Reports

2026-04-27

Arctic Wolf

BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector

#Bluenoroff #ClickFix #Fileless

2026-04-21

Any Run

New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses

#ClickFix #Lazarus #macOS #T1005 #T1543.001 #T1083 #T1497 #T1548.003 #T1555 #T1560 #T1124 #T1222 #T1567 #T1204 #T1552 #T1057 #T1082

2026-04-14

Validin

"Hello? I can’t hear you": Investigating UNC1069’s Fake Meeting Tactics

#CabbageRAT #ClickFix #UNC1069

2026-04-13

Bitso

North Korea's Safari: Hunting for RATs

#ClickFix #FamousChollima

2026-04-01

Break Glass Intelligence

Two IOCs In, Five C2 Servers Out: Mapping DPRK's Contagious Interview Campaign From InvisibleFerret to a Kimsuky Crossover

#ClickFix #ContagiousInterview #InvisibleFerret #Kimsuky

2026-03-25

e Sentire

EtherRAT & SYS_INFO Module: C2 on Ethereum (EtherHiding), Target Selection, CDN-Like Beacons

#ClickFix #EtherHiding #EtherRAT

2026-03-23

Sophos

NICKEL ALLEY strategy: Fake it ‘til you make it

#NickelAlley #ClickFix #ContagiousInterview #PylangGhost

2026-03-05

Bitso

North Korea's Safari: Poaching for Gophers

#FamousChollima #ClickFix

2026-03-02

Moonlock

Fake VCs target crypto talent

#ClickFix #UNC1069

2026-02-20

Poly Swarm

UNC1069 Uses New Tools to Target Crypto Entities

#ClickFix #UNC1069

2026-02-10

Google

UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering

#UNC1069 #ClickFix #Cryptocurrency #WAVESHAPER

2026-01-21

Recorded Future

PurpleBravo’s Targeting of the IT Software Supply Chain

#BeaverTail #ClickFix #ContagiousInterview #GolangGhost #PurpleBravo #PylangGhost

2025-11-20

Validin

Inside DPRK's Fake Job Platform Targeting U.S. AI Talent

#ClickFix #ContagiousInterview

2025-09-25

ESET

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

#DeceptiveDevelopment #BeaverTail #ClickFix #InvisibleFerret #Tropidoor #Tsunami #T1585.001 #T1078 #T1589 #T1204.001 #T1055 #T1566.001 #T1036 #T1497 #T1027 #T1204.002 #T1566.002 #T1056.001 #T1586 #T1105 #T1071.001 #T1059

2025-09-17

Gitlab

BeaverTail variant distributed via malicious repositories and ClickFix lure

#BeaverTail #ClickFix

« Back