UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
Summary
A new threat group, UNC6692, is using social engineering tactics on Microsoft Teams to impersonate IT helpdesk staff. Their goal is to trick victims into accepting chat invitations and subsequently deploy a custom malware suite, identified as SNOW malware.
IFF Assessment
FOE
This is bad news for defenders as it highlights a new threat group using sophisticated social engineering and malware delivery techniques.
Defender Context
Defenders should be aware of UNC6692 and their tactics, especially the use of Microsoft Teams for initial access through social engineering. Organizations need to reinforce user education on recognizing and reporting suspicious IT helpdesk communications and be vigilant against the SNOW malware.