From ClickFix to Command: A Full PowerShell Attack Chain www.fortinet.com/blog/thre…
The FortiMail Workspace Security team recently identified a targeted intrusion campaign impacting multiple Israeli organizations. The adversary leveraged compromised internal email infrastructure to distribute phishing messages across the regional business landscape. These emails initiated a multi-stage, PowerShell-based infection chain that culminated in the delivery of a remote access trojan (RAT), executed entirely through PowerShell.
The following report outlines technical observations from the campaign, including delivery tactics, obfuscation methods, C2 activity, and MITRE ATT&CK mappings.