OneClik Campaign Targets Energy Sector with Stealthy Backdoors

A OneClik campaign, likely conducted by an actor linked to China, is targeting the energy, oil, and gas sectors using stealthy ClickOnce and Golang backdoors. Cybersecurity researchers at Trellix have uncovered this new APT malware campaign, OneClik, which exploits Microsoft's ClickOnce deployment technology and custom backdoors written in Golang. Although links to actors affiliated with China are suspected, attribution remains cautious.