| SYMBOL | COMMON_NAME | aka. SYNONYMS |
UNK_RemoteRogue is a suspected Russian threat actor that has been observed utilizing ClickFix in its infection chains, although this technique is not revolutionizing their operations but rather replacing existing installation methods. The group has a history of employing compromised intermediate mailservers, with specific infrastructure noted, such as the upstream concentrator at 80.66.66[.]197. Proofpoint recorded their use of ClickFix only once before they reverted to traditional campaigns that share similar characteristics, including targeting and infrastructure. UNK_RemoteRogue has been linked to phishing activities and has shown consistent patterns in its operational tactics.
There are currently no families associated with this actor.
| 2025-04-17
⋅
Proofpoint
⋅
Around the World in 90 Days: State-Sponsored Actors Try ClickFix Quasar RAT UNK_RemoteRogue |