🎭 UNC6692 Deploys Custom Snow Malware Suite via Teams Impersonation Google Thr...

🎭 UNC6692 Deploys Custom Snow Malware Suite via Teams Impersonation Google Threat Intelligence Group identified a previously unknown threat actor operating large-scale phishing campaigns since December 2025. The operation combines email spam floods with fake helpdesk outreach via Microsoft Teams, directing victims to fraudulent "Mailbox Repair" pages that harvest credentials through double-entry validation tricks while deploying modular malware components. The Snow malware ecosystem—SnowBelt browser extension, SnowGlaze WebSocket tunneler, and SnowBasin Python bindshell—establishes persistent footholds and disguises C2 traffic as legitimate encrypted web communications. This campaign exemplifies the growing sophistication of social engineering operations leveraging trusted enterprise platforms for initial access and data exfiltration. 🛰️ Open sources - closed narratives @sitreports