Various state-supported cyberattack factions from Iran, North Korea, and Russia have been discovered utilizing the increasingly favored ClickFix social manipulation method to disseminate malicious software during a three-month timeframe from late 2024 to early 2025.
The phishing initiatives employing this approach have been linked to groups identified as TA427 (also known as Kimsuky), TA450 (also referred to as MuddyWater,