"As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an account outside their organization."
"The goal of the conversation is to trick victims into installing legitimate remote monitoring and management (RMM) tools like Quick Assist or Supremo Remote Desktop to enable hands-on access, and then weaponize it to drop additional payloads."
"From March 1 to April 1, 2026, 77% of observed incidents targeted senior-level employees, up from 59% in the first two months of 2026."
UNC6692 is a newly identified threat activity cluster that employs social engineering tactics through Microsoft Teams to install custom malware on compromised systems. The group impersonates IT helpdesk staff to convince victims to accept chat invitations from external accounts. This tactic follows a large email campaign that floods targets' inboxes with spam, creating urgency. The approach has been linked to former Black Basta affiliates and is particularly aimed at executives for data theft and ransomware deployment. Recent data shows a significant increase in targeting senior-level employees.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]