By Interestana AI Editorial — AI-drafted, human-overseen. How we report
Russia's Sandworm Hackers Use Clickfix for Device Infections

Ukraine's Computer Emergency Response Team (CERT) center has warned that one of Russia's most elite hacking groups, Sandworm, has adopted the Clickfix attack to compromise devices belonging to sensitive organizations in Ukraine. Clickfix, an attack technique that has gained traction over the past year primarily among financially motivated criminals, involves displaying a CAPTCHA on compromised websites. Visitors are prompted to copy and paste text from the CAPTCHA into their terminal, which contains scripts designed to perform malicious actions, such as installing malware or exfiltrating data.
According to Ukraine's CERT, Sandworm, identified as an advanced hacking unit within Russia's GRU military intelligence arm, began utilizing this technique in the spring and has continued its campaign through the summer. The Clickfix attacks have led to network compromises, with at least one organization experiencing a breach when a connected device was found to be infected with FreakyPoll, a custom malware package associated with Sandworm. Ukrainian authorities have identified 10 compromised websites that displayed a PowerShell command disguised as a fake CAPTCHA, requiring users to execute it to verify they were human.
Original source — read the full reporting at the publisher:
Read on Ars TechnicaGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.