
A new sophisticated cyber campaign, 'OneClik,' is actively targeting entities in the energy, oil, and gas sectors, leveraging Microsoft's ClickOnce technology and custom Golang backdoors like RunnerBeacon. Cautiously attributed to Chinese-affiliated actors, these attacks employ 'living-off-the-land' tactics and cloud services to evade traditional detection, enabling extensive network compromise, privilege escalation, and data exfiltration, with multiple variants observed in March 2025. This development, alongside reports of other state-aligned groups like APT-Q-14 (linked to South Korea's DarkHotel) also exploiting ClickOnce and other vulnerabilities in recent months, underscores a heightened and evolving cyber risk landscape for critical infrastructure and key industries, demanding increased vigilance regarding operational and supply chain security.
A sophisticated cyber campaign, codenamed 'OneClik', is actively targeting the energy, oil, and gas sectors, presenting a significant operational risk. The campaign, which exhibits characteristics of Chinese-affiliated threat actors, leverages Microsoft's (MSFT) legitimate ClickOnce deployment technology to execute a custom Golang backdoor, 'RunnerBeacon', without requiring administrative privileges. This 'living-off-the-land' approach, which also utilizes Amazon Web Services (AMZN) to obscure command-and-control infrastructure, is designed to evade traditional security detection. The RunnerBeacon implant itself is highly capable, with functionalities for file operations, process termination, and lateral movement that parallel known offensive tools like the Geacon family. The threat is evolving rapidly, with three distinct variants observed in March 2025 alone. This development occurs alongside reports of other state-aligned groups, such as the South Korea-linked APT-Q-14, also exploiting ClickOnce, indicating a broader trend of threat actors weaponizing trusted enterprise software to compromise high-value targets in critical infrastructure.
Overall Sentiment: moderately negative
Sentiment Score: -0.60