The ClickFix Convergence: How Threat Actors Blur the Lines

Update: 2025-05-14

Description

Hello to all our Cyber Spring Chickens! Join host Selena Larson, and guest host, Sarah Sabotka, as they chat with Saher Naumaan, Senior Threat Researcher at Proofpoint, for a deep dive into how modern espionage and cybercrime are increasingly blurring lines.

At the center of the conversation is ClickFix—a fast-evolving social engineering technique originally used by cybercriminals but now adopted by espionage actors across at least three countries in just 90 days.

We explore:

how threat actors are borrowing each other’s tactics, techniques, and procedures (TTPs), creating “muddled attribution” as espionage groups mimic high-volume e-crime methods
how these techniques are being tailored to target high-value, often non-technical individuals
what defenders can do in the face of increasingly sophisticated psychological attacks

Resources Mentioned:

https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix

https://www.proofpoint.com/us/blog/threat-insight/security-brief-clickfix-social-engineering-technique-floods-threat-landscape

https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/

For more information about Proofpoint, check out our website.

Subscribe & Follow:

Stay ahead of emerging threats, and subscribe! Happy hunting!