UNC6692 Threat Group Uses Microsoft Teams for Malware Deployment

A previously unidentified threat group, tracked as UNC6692, has been observed using social engineering tactics via Microsoft Teams to deploy a custom malware suite named SNOW on compromised systems. The attackers impersonated IT help desk employees to persuade victims into accepting Microsoft Teams chat invitations from fraudulent accounts. No specific dates, victim organizations, or technical indicators such as CVE IDs were disclosed in the reported activity. The campaign relies on deception to gain initial access, though further details on the malware’s functionality or impact remain unconfirmed. The threat actor’s methods align with recent trends of exploiting trusted communication platforms for malicious purposes.