Threat Intelligence / Actor / Unknown (ClearFake operator cluster; UNC5342 [DPRK] adopted EtherHiding generally per Google Oct 2025 but this campaign is unattributed)

Unknown (ClearFake operator cluster; UNC5342 [DPRK] adopted EtherHiding generally per Google Oct 2025 but this campaign is unattributed)

1 tracked threat(s) · Categories: MALWARE

Also known as: ClearFake operators, ClearFake cluster

Tracked threats

ClearFake EtherHiding on BNB Smart Chain Testnet — Smart Contract C2 Delivering SectopRAT + ACRStealer via ClickFix Fake-CAPTCHA — HIGH

Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier). View plans →

Threadlinqs Intelligence