Updated
Updated · The Hacker News · Apr 24
UNC6692 deploys SNOW malware suite via Microsoft Teams social engineering and phishing links
Updated
Updated · The Hacker News · Apr 24

UNC6692 deploys SNOW malware suite via Microsoft Teams social engineering and phishing links

7 articles · Updated · The Hacker News · Apr 24
  • From March 1 to April 1, 2026, 77% of observed incidents targeted senior-level employees, up from 59% earlier in 2026.
  • UNC6692 impersonates IT help desk staff, flooding inboxes with spam before sending phishing links through Teams to install SNOWBELT, a malicious browser extension, and harvest credentials via a fake 'Health Check' page.
  • The campaign exploits trusted cloud services for payload delivery and exfiltration, blending with legitimate traffic and bypassing traditional defenses, highlighting the growing threat of help desk impersonation attacks on collaboration platforms.
How can security teams hunt hackers who use legitimate IT tools?
Are executives now the weakest link in corporate cybersecurity?
Is Zero Trust the only realistic defense against attacks that trick humans?
Is this a new cyber gang or just Black Basta's old playbook?
Why is a simple 'IT help desk' message on Teams so effective?

Related Stories

The Hacker NewsApr 24
scworld.comApr 24
linkedinApr 24
cxodigitalpulse.comApr 24
Google CloudApr 24
InstagramApr 24
FacebookApr 24