ClickFix Attack Hijacks Microsoft SharePoint to Spread Havoc Malware
Security researchers spotted a new ClickFix campaign that abuses Microsoft SharePoint to distribute the Havoc post-exploitation framework. The attack chain starts with a phishing email carrying a "restricted notice" as an HTML attachment. The attachment prompts the victim to update their DNS cache manually and then runs a script that downloads the Havoc framework as a DLL file. Cybercriminals are exploiting Microsoft tools to bypass email security and to target victims with advanced red teaming and adversary simulation capabilities.
- This devious two-step phishing campaign highlights the evolving threat landscape in cybersecurity, where attackers are leveraging legitimate tools and platforms to execute complex attacks.
- What measures can organizations take to prevent similar ClickFix-like attacks from compromising their SharePoint servers and disrupting business operations?