APT / THREAT GROUP

UNK RemoteRogue

Internal ID: UNK_RemoteRogue
🇷🇺 Russia-attributed
Campaigns: 1
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

UNK_RemoteRogue is a suspected Russian threat actor that has been observed using ClickFix in its infection chains. The technique has not revolutionized the group's operations; it replaces existing installation methods. The group has a history of using compromised intermediate mail servers, with specific infrastructure noted, such as the upstream concentrator at 80.66.66[.]197. Proofpoint recorded the group using ClickFix only once before it reverted to traditional campaigns that share similar characteristics, including targeting and infrastructure. UNK_RemoteRogue has been linked to phishing activity and has shown consistent patterns in its operational tactics.

Threat Analysis

UNK RemoteRogue is a threat actor attributed to Russia that engages in cyber operations. Its primary motivation is unknown.

Known Campaigns

UNK RemoteRogue — Active Operations March 2026

UNK RemoteRogue is an unknown-motivation threat actor attributed to Russia. UNK_RemoteRogue is a suspected Russian threat actor that has been observed utilizing ClickFix in its infection chains, although this technique is not revolutionizing their operations but rather replacing existing installation methods. The group has a history of employing compromi...

ACTIVE | MEDIUM | 2026

Quick Facts

Type: APT / Threat Group
Origin: 🇷🇺 Russia
Aliases: 1
Source: Malpedia

Also Known As

UNK_RemoteRogue

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.