Social Engineering and Phishing Surge: ClickFix 500% Growth, Chinese PhaaS Expansion, Carnival Breach
Key Questions
What is driving the growth of ClickFix attacks?
ClickFix has seen 500% growth and is now the second most common attack vector, adopted by groups including APT28, Kimsuky, and MuddyWater.
How are Chinese PhaaS gangs evolving?
Chinese phishing-as-a-service operations now offer real-time token interception, AI-generated pages, and live admin panels for MFA bypass across 400+ templates.
What happened in the Carnival Corporation breach?
Carnival disclosed a breach on April 14 via compromised employee credentials that exposed passport numbers and other personal information of customers.
ClickFix technique exploding – 500% growth, now second most common vector, adopted by APT28, Kimsuky, MuddyWater. ANY.RUN analysis details payload spectrum and evasion mechanics. New: Chinese PhaaS gangs maturing – real-time token interception, AI-generated pages, MFA bypass via live admin panels, targeting Japan with 400+ templates. New: Carnival Corporation breach via employee account compromise (April 14) exposing passport numbers and PII – traditional phishing case adds to social engineering trend. Critical signal for SOC teams. Status developing.