
OneClik Campaign Exploits ClickOnce to Breach Energy Sector
Trellix's Advanced Research Center has uncovered a highly targeted Advanced Persistent Threat malware campaign, named OneClik, focused on entities within the energy, oil, and gas sectors. The attackers employ sophisticated phishing lures and exploit Microsoft ClickOnce, a .NET deployment tool, to execute malware under the guise of trusted applications. This campaign exhibits hallmarks consistent with Chinese-affiliated threat actors, according to the researchers.
Phishing emails played a central role in initial access, directing recipients to a camouflaged 'hardware analysis' site. Visitors are prompted to install a ClickOnce application, which transparently downloads a malicious .NET loader. This loader utilises AppDomainManager hijacking, manipulating .exe.config settings to inject a rogue DLL at runtime. By operating under dfsvc.exe, it achieves stealthy code execution without triggering user account controls.
The operation's modularity is evident in its three known variants—v1a, BPI-MDM, and v1d—all of which deploy a .NET loader, 'OneClikNet,' to deliver a Go-based backdoor named 'RunnerBeacon.' Communication with command-and-control servers occurs via legitimate AWS services such as CloudFront, API Gateway, and Lambda, complicating attribution and detection.
Researchers traced an earlier variant of the RunnerBeacon loader to a Middle Eastern oil and gas target in September 2023, suggesting the campaign has persisted for at least nine months. The clustering of infrastructure and code suggests a long‑term espionage focus on critical energy sector infrastructure.
OneClik typifies the 'living off the land' tactic trend among APT actors, embedding malicious activity within legitimate system processes. By co‑opting ClickOnce workflows, the actors evade conventional security checks and minimise forensic footprints. The use of AppDomainManager hijacking—aligned with MITRE's T1574.014 technique—illustrates both creativity and sophistication.
Operational resilience is built into each variant. Anti-analysis safeguards such as anti-debugging loops and sandbox escape routines indicate a degree of maturation across successive iterations. Furthermore, by leveraging AWS-hosted C2 infrastructure, each variant masks communications behind widely trusted cloud domains.
Trellix has not publicly named specific organisations but indicates that the campaign spans multiple countries and facilities in the energy domain. The attack chain—from phishing to ClickOnce deployment, loader injection, and backdoor communication—illustrates a fully developed espionage suite with lateral movement and data exfiltration capabilities.
While the activity has been linked to Chinese-affiliated actors, attribution remains cautious. Analysts point to overlapping techniques with earlier campaigns, including AppDomainManager abuse and cloud‑based C2 obfuscation, which demonstrate a persistent, strategic push into energy sector espionage.
The growing popularity of living‑off‑the‑land techniques highlights a broader shift in APT methodology: adversaries are increasingly embedding within legitimate enterprise ecosystems, evading sandbox detection and legacy cybersecurity measures. OneClik's use of ClickOnce is a prime example of tool abuse—repurposing software deployment mechanisms as vectors for stealth attacks.
Effective detection of emerging variants will require advanced behavioural analysis and cloud traffic monitoring. Security teams are advised to scrutinise unusual ClickOnce manifest downloads, monitor dfsvc.exe processes for anomalous activity, and adopt isolation techniques for unfamiliar .application installations. Deep packet inspection combined with endpoint detection of loading behaviours may also help identify lateral movement attempts using RunnerBeacon.
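One concrete endpoint check for the AppDomainManager hijacking described above is to look for application config files that override the AppDomainManager in their `<runtime>` section. The script below is an added example, not code from Trellix or from the campaign; the function names and the two sample configs (including the `ExampleLoader` names) are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# <runtime> settings that make the CLR load a custom AppDomainManager.
HIJACK_KEYS = ("appdomainmanagerassembly", "appdomainmanagertype")


def local_name(tag):
    """Drop any XML namespace and lower-case the element name."""
    return tag.rsplit("}", 1)[-1].lower()


def find_appdomain_overrides(config_xml):
    """Return {setting: value} for AppDomainManager overrides in <runtime>."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return {}  # not well-formed XML, nothing to report
    hits = {}
    for element in root.iter():
        if local_name(element.tag) != "runtime":
            continue
        for child in element:
            name = local_name(child.tag)
            if name in HIJACK_KEYS:
                hits[name] = child.attrib.get("value", "")
    return hits


def scan_tree(root_dir):
    """Yield (path, overrides) for each *.config under root_dir with a hit."""
    for path in Path(root_dir).rglob("*.config"):
        try:
            hits = find_appdomain_overrides(path.read_bytes())
        except OSError:
            continue  # unreadable file, skip
        if hits:
            yield path, hits


# Constructed samples; the assembly and type names are placeholders.
SUSPECT = b"""<configuration>
  <runtime>
    <appDomainManagerAssembly value="ExampleLoader, Version=1.0.0.0" />
    <appDomainManagerType value="ExampleLoader.Manager" />
  </runtime>
</configuration>"""
BENIGN = b"""<configuration>
  <runtime><gcServer enabled="true" /></runtime>
</configuration>"""
if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {hits}")
```

Pass the directory to scan as the first argument, for example the per-user ClickOnce application cache (typically `%LOCALAPPDATA%\Apps\2.0`). A hit is a lead for review rather than a verdict, since the setting is a supported .NET Framework feature.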
The disclosure of OneClik, aligned with rising living‑off‑the‑land APT operations, marks a pivotal moment for industrial cybersecurity. By weaponising trusted deployment frameworks, threat actors are escalating their ability to remain undetected within critical infrastructure for extended periods. As such, collaborative threat intelligence, updated detection strategies, and heightened phishing resilience are imperative to combat these stealth campaigns.