Casting a Wider Net: ClickFix, Deno, and LeakNet’s Scaling Threat

ReliaQuest documents that ransomware operator "LeakNet" is expanding by using ClickFix lures delivered via compromised legitimate websites and a Deno-based, in-memory loader to execute base64-encoded JavaScript, establish C2, and then employ a consistent post-exploitation chain (jli.dll DLL sideloading, PsExec lateral movement, and S3 bucket staging); the report includes IOCs, MITRE ATT&CK mappings, and prioritized detection and response guidance.