New Threat Actor UNC6692 Conducts Multipronged Campaign Using Social Engineering, Malware, and Cloud Abuse

A newly identified threat actor, tracked as UNC6692, is conducting a multipronged campaign combining social engineering, malware deployment, and cloud abuse. The group leverages Microsoft Teams for initial access, abuses AWS S3 buckets for malicious operations, and employs a custom malware strain dubbed "Snow." No specific dates, victim details, or CVE identifiers were disclosed in the report. The campaign’s technical impact includes unauthorized access to cloud environments and potential data exfiltration or lateral movement. The attack chain integrates phishing via Teams, cloud infrastructure exploitation, and bespoke malware to achieve its objectives.