OneClik APT campaign targets energy sector with stealthy backdoors
A new APT malware campaign, OneClik, targets the energy sector. Likely carried out by China-linked actors, it abuses Microsoft's ClickOnce deployment technology and custom Golang backdoors to evade detection. The Golang backdoor, RunnerBeacon, communicates with its C2 servers via AWS services, which makes detection challenging.