Lazarus APT Hackers Using ClickFix Technique to Evade Detection

The Lazarus Group, a notorious North Korean state-sponsored hacking collective, has been observed employing a novel attack method known as the ClickFix technique. This approach allows them to bypass traditional security measures by exploiting user interactions with seemingly benign links or buttons, which then trigger malicious payloads. The ClickFix technique represents an evolution in social engineering tactics, making it harder for security systems to detect and block these attacks. Lazarus APT's use of this method underscores their adaptability and persistence in targeting financial institutions, cryptocurrency platforms, and critical infrastructure worldwide. Security experts recommend heightened vigilance, user education, and advanced threat detection tools to mitigate risks associated with this emerging threat. This article delves into the mechanics of the ClickFix technique, its implications for cybersecurity defenses, and strategies organizations can implement to protect themselves from Lazarus Group's sophisticated campaigns.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 08 Sep 2025 06:20:28 +0000

Cyber News related to Lazarus APT Hackers Using ClickFix Technique to Evade Detection

ClickFix Attack Emerges by Over 500% - Hackers Actively Using This Technique to Trick Users - The attack presents victims with fake error messages or verification prompts that appear legitimate, instructing them to copy and paste seemingly harmless commands to resolve fictitious technical issues. Unlike traditional attack methods, ClickFix ...
3 months ago Cybersecuritynews.com Kimsuky Lazarus Group MuddyWater APT3

Lazarus APT Hackers Using ClickFix Technique to Evade Detection - The Lazarus Group, a notorious North Korean state-sponsored hacking collective, has been observed employing a novel attack method known as the ClickFix technique. This approach allows them to bypass traditional security measures by exploiting user ...
1 month ago Cybersecuritynews.com Lazarus Group

State Sponsored Hackers Now Widely Using ClickFix Attack Technique in Espionage Campaigns - While currently limited to experimental usage by these state-sponsored groups, the increasing popularity of ClickFix in both cybercrime and espionage campaigns suggests the technique will likely become more widely adopted as threat actors continue to ...
5 months ago Cybersecuritynews.com Kimsuky MuddyWater

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug - The new malware are two remote access trojans named NineRAT and DLRAT and a malware downloader named BottomLoader. The D programming language is rarely seen in cybercrime operations, so Lazarus probably chose it for new malware development to evade ...
1 year ago Bleepingcomputer.com

North Korean hackers adopt ClickFix attacks to target crypto firms - Sekoia says that Lazarus impersonates numerous well-known companies in the latest campaign, including Coinbase, KuCoin, Kraken, Circle, Securitize, BlockFi, Tether, Robinhood, and Bybit, from which the North Korean threat actors recently stole a ...
6 months ago Bleepingcomputer.com

Hackers Employ New ClickFix Captcha Technique to Deliver Ransomware - The integration of Qakbot with the ClickFix technique allows attackers to bypass traditional security measures by leveraging user interaction to execute malicious commands. A sophisticated social engineering technique known as ClickFix has emerged, ...
6 months ago Cybersecuritynews.com

Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
1 year ago Darkreading.com Lazarus Group

Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines - Cyber Security News - The attackers impersonate legitimate entities, including government officials, news correspondents, and security personnel, to establish trust before delivering malicious payloads through encrypted archives or deceptive websites designed to mimic ...
3 months ago Cybersecuritynews.com Kimsuky

Interlock ransomware gang pushes fake IT tools in ClickFix attacks - The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. Though this isn't the first time ClickFix has been linked to ransomware infections, ...
5 months ago Bleepingcomputer.com

North Korean hackers exploit critical TeamCity flaw to breach networks - Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical ...
1 year ago Bleepingcomputer.com CVE-2023-42793 Andariel

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
3 months ago Cybersecuritynews.com

What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
1 year ago Techtarget.com Cozy Bear APT29

Lazarus Group is No Longer Consider a Single APT Group, But Collection of Many Sub Groups - The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. For instance, Bureau325 and APT43 have been identified as entities that ...
6 months ago Cybersecuritynews.com Kimsuky Lazarus Group

North Korean Hackers Developing Malware in Dlang Programming Language - The North Korea-linked hacking group Lazarus has been observed deploying Dlang malware in attacks against organizations in the manufacturing, agriculture, and physical security sectors, Cisco's Talos security researchers report. Released in 2001, ...
1 year ago Packetstormsecurity.com Andariel

Chinese APT Hackers Using Proxy and VPN to Evade Detection - Chinese APT (Advanced Persistent Threat) hacker groups have increasingly adopted the use of proxies and VPNs to mask their activities and evade detection by cybersecurity defenses. These threat actors leverage these tools to anonymize their network ...
1 month ago Cybersecuritynews.com Chinese APT groups

ClickFake Interview - Lazarus Hackers Exploit Windows & macOS Users Fake Job Campaign - The ClickFake Interview campaign builds upon the tactics of Contagious Interview, which targeted software developers via fake job interviews conducted on platforms like LinkedIn or X (formerly Twitter). The Lazarus Group, a North Korean ...
6 months ago Cybersecuritynews.com Lazarus Group

State-sponsored hackers embrace ClickFix social engineering tactic - Proofpoint reports that APT28, a GRU unit, also used ClickFix as early as October 2024, using phishing emails mimicking a Google Spreadsheet, a reCAPTCHA step, and PowerShell execution instructions conveyed via a pop-up. ClickFix attacks are gaining ...
5 months ago Bleepingcomputer.com APT28 Kimsuky MuddyWater

OKX suspends DEX aggregator after Lazarus hackers try to launder funds - OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. OKX is a leading global ...
6 months ago Bleepingcomputer.com Lazarus Group

North Korean hackers linked to $1.5 billion ByBit crypto heist - Since the attack, crypto fraud investigator ZachXBT has discovered links between the Bybit hackers and the infamous North Korean Lazarus threat group after the attackers sent stolen Bybit funds to an Ethereum address previously ...
7 months ago Bleepingcomputer.com Lazarus Group

Harmony Horizon Bridge and Lazarus APT Activities Revealed - SecurityAffairs recently shed light on a report by FireEye security researchers about the activities of the Harmony Horizon Bridge and Lazarus APTs. The report includes a new variant of the Bridge malware named “Ovorum”, as well as the TVShow ...
2 years ago Securityaffairs.com

Microsoft Warns of Hackers Using ClickFix Technique to Bypass Security - Microsoft has issued a warning about a new hacking technique called 'ClickFix' that cybercriminals are using to bypass security measures. This method involves manipulating user interactions to execute malicious actions without detection. The ClickFix ...
1 month ago Cybersecuritynews.com

Lazarus hackers breach six companies in watering hole attacks - In the incidents analyzed by Kaspersky, victims are redirected to sites that mimick software vendors, such as the distributor of Cross EX - a tool that enables South Koreans to use security software in various web browsers for online banking and ...
5 months ago Bleepingcomputer.com

Lazarus Adds New Malicious npm Packages with Hexadecimal Encoding - These packages, part of the broader Contagious Interview operation, are designed to evade automated detection systems and manual code audits, marking a significant evolution in the group’s approach to cyber espionage and financial theft. The ...
6 months ago Cybersecuritynews.com Lazarus Group

Lazarus APT Hackers Using ClickFix Technique to Evade Detection

Cyber News related to Lazarus APT Hackers Using ClickFix Technique to Evade Detection

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)