UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware
The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access.
A recently discovered threat actor has been observed bombarding victims with emails and impersonating IT support to convince them to execute malicious code, Google Threat Intelligence Group (GTIG) reports.
In December 2025, the threat actor, tracked as UNC6692, was seen overwhelming the target with email messages and then contacting the victim via Microsoft Teams, posing as an IT helpdesk employee.
Pretending to provide assistance with the large volume of incoming emails, the attackers tricked the victim into clicking on a URL leading to a phishing page offering a fake mailbox repair utility.
Source: https://www.securityweek.com/unc6692-uses-email-bombing-social-engineering-to-deploy-snow-malware/
