UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

Summary

A threat actor group, identified as UNC6692, is employing email bombing and social engineering tactics to distribute a malware family known as 'Snow,' which includes variants like Snowbelt, Snowglaze, and Snowbasin. The primary objective of this malware is to establish persistent access to victim systems.

IFF Assessment

FOE

This is bad news for defenders: it highlights a new, sophisticated attack campaign that uses social engineering and malware to gain persistent access.

Defender Context

Defenders should treat UNC6692's tactics, specifically email bombing and social engineering, as potential indicators of compromise. Training users to identify and report suspicious emails is crucial, as is implementing robust email filtering and endpoint detection and response (EDR) solutions to counter deployment of the Snow malware family.
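One way to surface the email-bombing stage at the mail gateway is sketched below. It is an added example, not code from the original report. The log layout ("timestamp recipient sender"), the thresholds, and the heuristic that a bombing burst means many messages from many distinct sender domains to one mailbox are all assumptions to tune locally.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed inbound-mail events; not real telemetry."""
    base = datetime(2025, 1, 6, 9, 0, 0)
    lines = []
    for i in range(5):    # ordinary traffic: 5 mails spread over 40 minutes
        ts = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{ts} bob@corp.example news@vendor{i}.example")
    for i in range(60):   # burst: 60 mails in 5 minutes from 60 sender domains
        ts = (base + timedelta(seconds=5 * i)).isoformat()
        lines.append(f"{ts} alice@corp.example noreply@list{i}.example")
    for i in range(60):   # one noisy but legitimate sender, a single domain
        ts = (base + timedelta(seconds=5 * i)).isoformat()
        lines.append(f"{ts} carol@corp.example alerts@monitor.example")
    return lines

def parse_line(line):
    # Assumed layout: ISO-8601 timestamp, recipient, sender (space separated).
    ts, rcpt, sender = line.split()
    domain = sender.rsplit("@", 1)[-1].lower()
    return datetime.fromisoformat(ts), rcpt.lower(), domain

def detect_email_bombing(lines, window=timedelta(minutes=10),
                         min_msgs=50, min_domains=30):
    """Flag recipients who receive at least min_msgs messages from at least
    min_domains distinct sender domains inside one sliding window."""
    recent = defaultdict(deque)   # recipient -> (timestamp, domain) in window
    alerts = {}
    for ts, rcpt, domain in sorted(map(parse_line, lines)):
        q = recent[rcpt]
        q.append((ts, domain))
        while ts - q[0][0] > window:   # expire events older than the window
            q.popleft()
        domains = {d for _, d in q}
        if (rcpt not in alerts and len(q) >= min_msgs
                and len(domains) >= min_domains):
            alerts[rcpt] = {"window_start": q[0][0], "messages": len(q),
                            "sender_domains": len(domains)}
    return alerts

if __name__ == "__main__":
    for rcpt, info in detect_email_bombing(build_sample()).items():
        print(rcpt, info)
```

An alert on a mailbox is a cue to warn that user about unsolicited follow-up contact and to review the endpoint in EDR, since the flood is the lead-in to the social-engineering step.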
