UNC6692 Combines Social Engineering, Malware, Cloud Abuse
Summary
A new threat actor, dubbed UNC6692, has been identified. It combines social engineering, custom malware named "Snow," and cloud services such as Microsoft Teams and AWS S3 buckets. This multifaceted approach allows the actor to conduct sophisticated and adaptable attacks.
IFF Assessment
The emergence of a new, sophisticated threat actor employing a multi-vector attack strategy that leverages common enterprise tools and cloud services poses a significant threat to organizations.
Defender Context
Defenders need to be aware of this actor's tactics, including its use of social engineering via platforms like Microsoft Teams and its abuse of cloud storage for staging and exfiltration. Monitoring for unusual activity within cloud environments and across communication channels will be crucial to detecting and mitigating these threats.