Tag: unc6692
3 articles

Microsoft Teams Used to Deploy Sophisticated Snow Malware
Cyber attackers have cleverly used Microsoft Teams to deploy a sophisticated malware suite, dubbed Snow, by tricking victims into installing a fake anti-spam patch that ultimately led to prolonged access, credential theft, and domain compromise. They started by creating a sense of urgency through email bombing, then followed up with a direct message on Microsoft Teams.

Threat Actors Exploit Microsoft Teams for SNOW Malware Deployment
Cyber attackers are exploiting Microsoft Teams by impersonating IT helpdesk staff, tricking victims into accepting chats from unfamiliar accounts and deploying SNOW malware. They start by flooding inboxes with urgent emails, then pose as IT support over Teams, offering to fix the problem.

UNC6692 Exposes Custom Malware Suite via Social Engineering
In a clever social engineering ploy, UNC6692 launched a massive email campaign in late December 2025, flooding targets with messages to create a sense of urgency and distraction, before following up with a convincing Microsoft Teams message that pushed a malicious link. The attackers then cleverly disguised their malware as a legitimate "Mailbox Repair and Sync Utility" patch, hosted on an Amazon S3 page.