UNC6692 Threat Campaign Merges Teams Phishing, S3 Abuse, and Snow Malware

The newly identified UNC6692 campaign leverages Microsoft Teams as a phishing vector, exploits misconfigured AWS S3 buckets, and drops the custom Snow malware payload.

UNC6692 Exploits Cloud and Collaboration Tools

Analysts note a rapid ↑ 18% increase in compromised accounts within weeks, while the actor’s data exfiltration volume later fell ↓ 5%.

Social engineering via Teams

Victims receive convincing invites that masquerade as internal meetings, prompting credential submission. Snow malware, once installed, establishes persistence and communicates with external command servers.

“We observed the actor deploying Snow across multiple regions,” said a security analyst.

The operation’s reliance on cloud storage mirrors trends highlighted by Reuters and Bloomberg. For broader context, see recent nuclear developments that underscore the growing convergence of cyber and geopolitical threats.

Words by: Kaelen Frost

Lead Cybersecurity Analyst