Cybersecurity Hacking News

State-sponsored social engineering and supply chain infiltration (Sandworm ClickFix, NK IT workers, Russian password manager, NK REF9403)

State-sponsored social engineering and supply chain infiltration (Sandworm ClickFix, NK IT workers, Russian password manager, NK REF9403)

Key Questions

What new tactics is Russia's Sandworm group using?

Sandworm (UAC-0145) deployed ClickFix attacks with fake CAPTCHAs and Ethereum smart contracts for dynamic malware delivery against Ukraine.

How are North Korean IT workers infiltrating companies?

DPRK-linked engineers continue to gain employment at firms like Consensys by posing as legitimate developers, creating supply-chain risks.

Which password manager raised supply-chain concerns in Europe?

Passwork, used by Irish state agencies and presented as EU-based, shares code with a Russian state-certified firm and has deep security-service ties.

What technique does North Korea's REF9403 campaign use?

It employs SVG comment-block steganography to deliver four-stage malware that evades all antivirus detection, targeting developers via Slack.

What indicators has CERT-UA released?

CERT-UA published IoCs related to Sandworm's recent ClickFix and SMARTAXE operations.

Russia's Sandworm group (UAC-0145) adopted ClickFix attacks against Ukraine using fake CAPTCHAs and Ethereum smart contracts (SMARTAXE) for dynamic content delivery—a novel state-sponsored social engineering chain. North Korean IT worker infiltration continues: Consensys (MetaMask) caught a DPRK-linked engineer within a month, highlighting persistent supply chain risks for crypto firms. A Russian-linked password manager with deep security service ties infiltrated Irish state agencies under a fake EU front, exposing supply chain vulnerabilities in credential management. New: North Korea's REF9403 campaign uses SVG comment-block steganography to deliver four-stage malware with zero AV detections, targeting developers via Elastic's Slack. New: European password manager shares code with Russian state-certified firm, raising supply chain concerns for government users. CERT-UA provides IoCs for Sandworm. These developments underscore evolving state-sponsored tactics targeting both human and software supply chains.

Sources (3)
Updated Jul 19, 2026