📣 Send us your press release
Site updates every 15 minutes
Technology

Russian Elite Hackers Adopt Clickfix Attack for Device Compromise

Ukraine's CERT center warns that Sandworm, an elite Russian military intelligence hacking group, is now employing the Clickfix attack technique. The method uses fake CAPTCHA prompts to install malware on targeted devices.

16 July 2026
Russian Elite Hackers Adopt Clickfix Attack for Device Compromise

One of Russia's most elite hacking groups, linked to the GRU military intelligence agency and known as Sandworm, has adopted an attack technique called Clickfix to compromise devices belonging to sensitive organizations in Ukraine. This warning comes from Ukraine's national CERT center.

Clickfix has emerged as an effective attack method, primarily used by financially motivated criminals over the past year. The technique involves attacker-controlled websites displaying a CAPTCHA that requires visitors to copy and paste text into a terminal. This text contains scripts that, once entered, perform malicious actions, typically installing malware or exfiltrating sensitive data.

The campaign, active since spring, has led to network compromises. At least one organization's network was breached when a connected device was found infected with FreakyPoll, a custom malware package associated with Sandworm. Ukrainian authorities identified 10 compromised websites displaying a PowerShell command as part of a fake CAPTCHA designed to appear as a human verification step.

Original source: arstechnica.com