Threat actor uses Microsoft Teams to deploy new “Snow” malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and a backdoor. [...]
Coverage of named threat actors and intrusion sets examines reported incidents, infrastructure, disruption, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Coverage under this tag concerns a named threat actor or intrusion set: an individual, group, or organized operation assessed to be responsible for malicious cyber activity. Reports may describe incidents, malware, attack infrastructure, disruption efforts, or analyst assessments. Attribution is often provisional, so actor names and reported links should be treated as intelligence judgments rather than established identity, nationality, sponsorship, or motive.
For defenders, such reporting can help connect incidents and prioritize monitoring, but indicators and techniques may be reused or become obsolete. Validate reported infrastructure, hashes, and behaviors against local telemetry; use confirmed weaknesses to guide vulnerability remediation and access controls. If activity is suspected, preserve relevant logs and evidence, contain affected accounts or systems, and coordinate investigation without relying on an actor label alone.
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and a backdoor. [...]
A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities. [...]
France Titres, the government agency in France for issuing and managing administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data. [...]
Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. [...]
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. [...]