Product

Microsoft Teams

2 briefs RSS

UNC6692 Combines Social Engineering, Malware, and Cloud Abuse

UNC6692 is a newly discovered, financially motivated threat actor that combines social engineering via Microsoft Teams, custom malware named SNOWBELT, and abuse of legitimate AWS S3 cloud infrastructure in its attack campaigns to steal credentials and prepare for data exfiltration.

Microsoft Teams +1 UNC6692 social-engineering malware cloud-abuse credential-theft lateral-movement

2r 12t 6d ago

medium advisory

Suspicious Child Processes from Communication Applications

3 rules 3 TTPs

The detection rule identifies suspicious child processes spawned from communication applications on Windows systems, potentially indicating masquerading or exploitation of vulnerabilities within these applications.

Elastic Defend +12 defense-evasion persistence windows

3r 3t Jan 31, 2024