Summary

A new threat actor group, UNC6692, has been identified using social engineering techniques via Microsoft Teams to distribute a custom malware suite called SNOW. The attackers impersonate IT helpdesk staff to deceive victims into accepting chat invitations.

Key Points

• UNC6692 is a newly identified threat activity cluster.
• The group uses Microsoft Teams for social engineering attacks.
• Attackers impersonate IT helpdesk employees to gain trust.
• The malware deployed is a custom suite named SNOW.
• This method of attack highlights the increasing use of legitimate communication platforms for malicious purposes.

Analysis

The tactics employed by UNC6692 underscore the evolving nature of cyber threats, where attackers leverage trusted communication tools like Microsoft Teams to infiltrate organizations. This approach not only exploits the inherent trust in IT helpdesk interactions but also bypasses traditional security measures that may not scrutinize internal communications as rigorously.

Conclusion

IT professionals should enhance their security awareness training, focusing on the risks of social engineering and the importance of verifying the identity of IT support personnel. Additionally, implementing stricter controls and monitoring on internal communication platforms can help mitigate such threats.