Malware | Apr 27, 2026
UNC6692 Combines Social Engineering, Malware, Cloud Abuse
UNC6692 threat actor deploys Snow malware via Teams and AWS S3 in multi-stage campaign.
Summary
UNC6692, a newly discovered threat actor, is conducting a sophisticated campaign combining social engineering, custom malware named "Snow," and cloud service abuse. The attacker leverages Microsoft Teams for initial contact and AWS S3 buckets for malware distribution and command-and-control operations. This multipronged approach demonstrates how threat actors are increasingly abusing legitimate cloud services to evade detection.
Indicators of Compromise
- malware — Snow
Entities
- UNC6692 (threat_actor)
- Microsoft (vendor)
- Microsoft Teams (product)
- Amazon Web Services (vendor)
- AWS S3 (product)