In September 2025, Zscaler ThreatLabz uncovered a sophisticated multi-stage ClickFix campaign targeting members of Russian civil society. Attributed with moderate confidence to the Russia-linked APT group COLDRIVER, also known as Star Blizzard, Callisto, and UNC4057, this operation blends social engineering with lightweight malware to achieve document theft and persistent access. COLDRIVER’s ClickFix infection chain begins […] The post ClickFix Multi Stage Campaign Delivering a PowerShell...
