THE article reports that a prominent Russian hacking group, Sandworm, has adopted a new attack technique called Clickfix to compromise devices in Ukraine. Clickfix involves tricking users into entering malicious scripts through fake CAPTCHAs on compromised websites. This has led to network breaches and the installation of malware, including a custom package named FreakyPoll. Sandworm's tactics have evolved from traditional ransomware to using deceptive methods like CAPTCHAs and lures targeting vulnerable systems. The advisory from Ukraine's CERT emphasizes the importance of monitoring for unauthorized access and malware signs.
Sandworm uses CAPTCHAs to deliver FreakyPoll malware in Ukraine
CyberSIXT Evidence Panel
Primary Source
cert.gov.ua
Threat Actor
Article by CyberSIXT