A newly identified threat group, named UNC6692, has been detected using Microsoft Teams as an entry point. The attackers pose as IT technicians and trick employees into accepting chat invitations from fake accounts. Once the victim accepts the chat, they convince the victim to execute malicious files that install the SNOW malware, which grants full remote control of the system.
SNOW malware operates as a persistent backdoor 🛡️
SNOW is a remote access trojan designed to operate stealthily. Once executed, it establishes communication with command-and-control servers, allowing attackers to steal credentials, files, and sensitive data. The malware uses obfuscation techniques to evade detection and can execute arbitrary commands, move laterally across the network, and deploy additional payloads, all under the radar of basic security solutions.
The IT technician you didn't ask for who drains your account 💸
If you ever thought tech support was annoying, wait until you meet UNC6692. These fake technicians don't just ask you to turn your device off and on again; they also install a little gift called SNOW. The best part is you don't even need to call them: they contact you first, with that friendliness only a cybercriminal can fake. In the end, the only problem they solve is your bank account, leaving it empty.