The ClickFix Convergence: How Threat Actors Blur the Lines

Send us fan mail!

Hello to all our Cyber Spring Chickens! Join host Selena Larson, and guest host, Sarah Sabotka, as they chat with Saher Naumaan, Senior Threat Researcher at Proofpoint, for a deep dive into how modern espionage and cybercrime are increasingly blurring lines.

At the center of the conversation is ClickFix—a fast-evolving social engineering technique originally used by cybercriminals but now adopted by espionage actors across at least three countries in just 90 days. 

We explore: 

• how threat actors are borrowing each other’s tactics, techniques, and procedures (TTPs), creating “muddled attribution” as espionage groups mimic high-volume e-crime methods
• how these techniques are being tailored to target high-value, often non-technical individuals
• what defenders can do in the face of increasingly sophisticated psychological attacks 

Resources Mentioned:

https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix

https://www.proofpoint.com/us/blog/threat-insight/security-brief-clickfix-social-engineering-technique-floods-threat-landscape

https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/

 For more information about Proofpoint, check out our website.

Subscribe & Follow:

Stay ahead of emerging threats, and subscribe! Happy hunting!