UNC6692 uses Microsoft Teams in malware campaign

The threat cluster known as UNC6692 is conducting a social engineering campaign by impersonating internal IT helpdesk personnel on Microsoft Teams. The group uses the inherent trust in the enterprise collaboration platform to establish contact with targets before deploying the SNOW malware, according to a report published on April 23, 2026. This tactic represents an evolution in the abuse of trusted internal communication channels for credential harvesting and gaining initial access to networks. Organizations that rely on Microsoft Teams for support workflows are at elevated risk without robust identity verification protocols.