Termite ransomware breaches linked to ClickFix CastleRAT attacks

Threat actors known as Velvet Tempest are employing the ClickFix technique alongside legitimate Windows utilities to deploy DonutLoader malware and the CastleRAT backdoor. Researchers who observed the activity noted Velvet Tempest’s history with various ransomware strains, though Termite ransomware was not deployed in the observed intrusion.

Edward Kiledjian @ekiledjian