Threat actor uses Microsoft Teams to deploy new “Snow” malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and a backdoor. [...]
Social engineering manipulates people into revealing access or approving actions, causing compromise; verify requests and enforce least privilege.
Search across headline titles and summaries.
Background for this topic.
Social engineering is the deliberate manipulation of people into disclosing information, bypassing a control, or performing an action for an attacker. It commonly uses phishing, voice or text messages, impersonation, pretexting, and physical access attempts. In a threat model, the attacker targets trust, urgency, authority, or helpfulness rather than exploiting software directly. Successful deception can expose credentials or personal data, authorize fraudulent payments, enable malware delivery, or provide an initial foothold for account or network compromise.
Effective defenses make sensitive requests independently verifiable and limit the damage of a mistake. Use phishing-resistant multi-factor authentication where practical, least-privilege access, and approval or call-back procedures for payments, password resets, and changes to account or banking details. Staff should have a simple way to report suspected messages without penalty; security teams can then investigate related accounts, messages, and login activity, revoke exposed credentials, and contain follow-on access. Awareness training helps people recognize pretexts, but should reinforce these technical and procedural controls rather than rely on vigilance alone.
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and a backdoor. [...]
Coming in cold with custom Snow malware A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and helpdesk staff impersonation - is also using custom malware in its data-stealing attacks, according to Google's Threat Intelligence Group.…
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts
Password resets are one of the easiest ways for attackers to bypass security controls. Specops Software shows how helpdesk social engineering turns a seemingly legitimate reset request into full account compromise. [...]