UNK_RemoteRogue


UNK_RemoteRogue is a suspected Russian threat actor that has been observed using ClickFix in its infection chains; the technique has not revolutionized the group's operations but instead replaces existing installation methods. The group has a history of using compromised intermediate mail servers, with specific infrastructure noted, such as the upstream concentrator at 80.66.66[.]197. Proofpoint recorded the group's use of ClickFix only once before it reverted to traditional campaigns that share similar characteristics, including targeting and infrastructure. UNK_RemoteRogue has been linked to phishing activities and has shown consistent patterns in its operational tactics.


Associated Families

There are currently no families associated with this actor.


References
2025-04-17, Proofpoint, Greg Lesnewich, Josh Miller, Mark Kelly, Saher Naumaan
Around the World in 90 Days: State-Sponsored Actors Try ClickFix
Quasar RAT UNK_RemoteRogue

Credits: MISP Project