
Worldwide cyber assault operation named "ShadowCaptcha" unveiled by Israel's National Digital Agency

Israel's National Digital Agency has uncovered an international cyber attack campaign labeled 'ShadowCaptcha'. Researchers disclosed that the perpetrators used deceptive Google and Cloudflare CAPTCHA pages together with the ClickFix tactic. This persistent campaign operated for over a year,...

A new cyber threat has emerged that poses a significant risk to organisations connected to the internet. The ongoing campaign, dubbed ShadowCaptcha, is causing concern among cybersecurity experts.

The ShadowCaptcha campaign, believed to be the work of cybercriminals from Russia, is a sophisticated operation that combines social engineering, living-off-the-land binaries, and multi-stage payload distribution. This combination makes it difficult to detect and can lead to prolonged unauthorized access, cryptomining, data exfiltration, and potential reputational damage.

One of the tactics employed by the threat actors behind ShadowCaptcha is the use of scheduled Windows tasks for stealth persistence. They also utilise a technique known as ClickFix, which poses a threat to both Windows and macOS platforms. This technique is designed to trick users into believing they are interacting with legitimate Google and Cloudflare CAPTCHA pages, when in fact they are falling victim to the ShadowCaptcha campaign.

The campaign's goals include stealing sensitive data, injecting cryptominers, and potentially launching ransomware attacks. Analysis of the campaign has revealed over 100 compromised WordPress websites and hundreds of malware samples. The campaign targets compromised WordPress websites, using fake Google and Cloudflare CAPTCHA pages and the ClickFix technique to infiltrate systems.

To reduce risks, it is recommended that detection and prevention rules are created to identify and block the ShadowCaptcha campaign. Additionally, user awareness training should be provided to help recognise the ClickFix technique and avoid falling victim to this insidious tactic.
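One way to prototype such detection rules, as an added example that is not taken from the agency's report: it flags a script-capable Windows binary started directly by explorer.exe with a remote URL in its arguments (how a command pasted into the Run dialog appears in process telemetry) and a scheduled task created by such a binary. The binary list, the event field names, the rule names and the sample events are assumptions constructed for illustration.

```python
import re

# Assumed list of script-capable binaries; the page does not name the ones used.
LOLBINS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
           "msiexec.exe", "rundll32.exe"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)
TASK_CREATE_RE = re.compile(r"(^|\s)/create(\s|$)", re.IGNORECASE)

def exe_name(path):
    # Lower-cased file name of a Windows path, whichever slash style is logged.
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the names of the rules that fire for one process-creation event."""
    image = exe_name(event["image"])
    parent = exe_name(event["parent_image"])
    cmd = event["command_line"]
    hits = []
    # A command pasted into the Run dialog starts as a child of explorer.exe.
    if parent == "explorer.exe" and image in LOLBINS and URL_RE.search(cmd):
        hits.append("pasted_command_with_url")
    # Persistence: a scheduled task registered by a script host or shell.
    if image == "schtasks.exe" and parent in LOLBINS and TASK_CREATE_RE.search(cmd):
        hits.append("task_created_by_script_host")
    return hits

def triage(events):
    """Map each host to the sorted list of rules that fired on it."""
    alerts = {}
    for event in events:
        for rule in classify(event):
            alerts.setdefault(event["host"], set()).add(rule)
    return {host: sorted(rules) for host, rules in alerts.items()}

def ev(host, parent, image, cmd):
    return {"host": host, "parent_image": parent, "image": image, "command_line": cmd}

# Constructed sample events; hosts, paths and the example.invalid URL are made up.
W, E = "C:\\Windows\\System32\\", "C:\\Windows\\explorer.exe"
SAMPLE_EVENTS = [
    ev("ws-01", E, W + "mshta.exe", "mshta.exe https://example.invalid/captcha-check"),
    ev("ws-01", W + "mshta.exe", W + "schtasks.exe",
       "schtasks.exe /create /tn Updater /sc onlogon /tr C:\\Users\\Public\\u.exe"),
    ev("ws-02", E, W + "cmd.exe", "cmd.exe"),
    ev("ws-02", W + "cmd.exe", W + "schtasks.exe", "schtasks.exe /query"),
    ev("ws-03", E, "C:\\Apps\\browser.exe", "browser.exe https://example.invalid/"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Both rules are heuristics; administrators who legitimately start shells from the Run dialog or script their own scheduled tasks will need allow-list entries.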

The ShadowCaptcha campaign has been active for at least a year, highlighting the need for vigilance in the digital realm. As with all cyber threats, the best defence is a combination of technical measures and user awareness. Stay safe, stay informed.
