VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

UNC6692 impersonates IT in Microsoft Teams and deploys SNOW modules

UNC6692 маскируется под IT в Microsoft Teams и ставит SNOW-модули

Colleagues, a cybersecurity alert: Mandiant describes UNC6692, where attackers pose as IT support in Teams to deliver the SNOW suite.

Brief:
- Scenario: mass spam followed by a Teams message offering to “fix” an issue.
- Delivery: a link loads a script from S3, installs the SNOWBELT extension in Edge and additional modules (SNOWGLAZE, SNOWBASIN).
- Targets: mainly executives; ReliaQuest reports an uptick in incidents.

Recommendations: verify IT requests, block external invites/screen sharing, restrict RMM installs, and tighten PowerShell auditing.

Why it matters: attackers exploit trust in legitimate services and cloud infrastructure to evade defenses.

What are your IT verification procedures?

#cybersecurity #MicrosoftTeams #ThreatIntel #infosec

Latest comments

No comments yet.