Google Identifies New Threat Actor UNC6783 Targeting BPO Providers

Google’s Threat Analysis Group (TAG) identified a new threat actor designated UNC6783, which is targeting business process outsourcing (BPO) providers to infiltrate high-value corporate networks across multiple sectors. The group steals Zendesk support tickets containing sensitive customer data, including personally identifiable information (PII) and internal communications. The campaign leverages compromised BPO credentials to access corporate Zendesk instances, though no specific CVEs or exploitation techniques were disclosed. The attacks have been observed impacting organizations in finance, healthcare, and technology, with no exact timeline or victim count provided. Google TAG has not attributed UNC6783 to any known nation-state or criminal group.