Russia's elite hacking groups have begun utilizing the Clickfix attack technique to compromise devices belonging to sensitive Ukrainian organizations, according to Ukraine's CERT center. This technique, which has gained popularity among financially motivated criminals over the past year, involves displaying a CAPTCHA on attacker-controlled websites that requires visitors to copy and paste a script-laden text into their terminal, enabling malicious actions. The adoption of Clickfix by state-aligned hackers signals a shift from financially driven crimes to geopolitically motivated attacks, altering the threat landscape. Specifically, the use of Clickfix by Russian hackers indicates a change in tactics, potentially exploiting vulnerabilities in unpatched systems, such as those associated with outdated browser versions1. This development matters to security practitioners because it necessitates a revised threat model that accounts for the unique characteristics of state-sponsored attacks, rather than solely focusing on traditional criminal activity.