DPRK hackers dupe targets into typing PowerShell commands as admin www.bleepingcomputer.com/news/secu…

North Korean state actor ‘Kimsuky’ (aka ‘Emerald Sleet’ or ‘Velvet Chollima’) has been observed using a new tactic inspired from the now widespread ClickFix campaigns.

ClickFix is a social engineering tactic that has gained traction in the cybercrime community, especially for distributing infostealer malware.

It involves deceptive error messages or prompts that direct victims to execute malicious code themselves, often via PowerShell commands. These actions typically lead to malware infections.

Microsoft says it observed this tactic in limited-scope attacks starting January 2025, targeting individuals that work in international affairs organizations, NGOs, government agencies, and media companies across North America, South America, Europe, and East Asia.