Hackers have begun impersonating Microsoft Teams help desk workers to dupe victims into installing data-stealing malware.
That’s according to findings from Mandiant, the cybersecurity company owned by Google, flagged in a report Monday (April 27) from The Record.
The campaign is from a threat group called UNC6692, and combines email flooding, phishing messages and malicious browser extensions to breach corporate systems, Mandiant said.
“As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an account outside their organization,” Mandiant said on its blog.
“The UNC6692 campaign demonstrates an interesting evolution in tactics, particularly the use of social engineering, custom malware, and a malicious browser extension, playing on the victim’s inherent trust in several different enterprise software providers.”
According to Mandiant, the operation starts with a surge of emails designed to overwhelm the target inbox. From there, the attacker will make contact via Microsoft Teams using an account outside the victim’s organization, pretending to be an IT support worker and offering to help fix the email disruption.
The hacker will tell the victim to install what seems to be a “patch” designed to stop the spam, but it is actually a gateway to installing a malicious browser extension called SnowBelt. SnowBelt, Mandiant says, gives attackers a backdoor that lets them hold on to access to corporate accounts and move within their systems without needing to repeatedly authenticate.
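The chain Mandiant describes (an email flood, then a Teams chat from an account outside the organization, then an install) lends itself to a correlation rule on the defender's side. The Python below is an added example, not code from Mandiant or PYMNTS; the event field names, tenant IDs and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

HOME_TENANT = "tenant-home"            # assumption: placeholder for your own tenant ID
FLOOD_COUNT = 50                       # assumption: inbound mails that count as a flood
FLOOD_WINDOW = timedelta(minutes=10)   # ...when they arrive within this window
FOLLOW_UP = timedelta(hours=2)         # assumption: how long to watch after each stage

def flood_time(times):
    """Return when FLOOD_COUNT mails first landed inside FLOOD_WINDOW, else None."""
    times = sorted(times)
    for i in range(FLOOD_COUNT - 1, len(times)):
        if times[i] - times[i - FLOOD_COUNT + 1] <= FLOOD_WINDOW:
            return times[i]
    return None

def correlate(events):
    """Flag users with a mail flood, then an external Teams chat, then an install."""
    mails, chats, installs = defaultdict(list), defaultdict(list), defaultdict(list)
    for e in events:
        if e["type"] == "mail_in":
            mails[e["user"]].append(e["ts"])
        elif e["type"] == "teams_chat" and e["sender_tenant"] != HOME_TENANT:
            chats[e["user"]].append(e["ts"])
        elif e["type"] == "ext_install":
            installs[e["user"]].append(e["ts"])
    alerts = []
    for user, times in mails.items():
        flood = flood_time(times)
        if flood is None:
            continue
        chat = next((c for c in sorted(chats[user]) if flood <= c <= flood + FOLLOW_UP), None)
        if chat is not None:
            installed = any(chat <= t <= chat + FOLLOW_UP for t in installs[user])
            alerts.append({"user": user, "severity": "high" if installed else "medium"})
    return alerts

def sample_events():
    """Constructed events for illustration, not real telemetry."""
    t0 = datetime(2025, 1, 6, 9, 0)
    ev = [{"type": "mail_in", "user": u, "ts": t0 + timedelta(seconds=5 * i)}
          for u in ("alice", "bob") for i in range(60)]
    for u, tenant in (("alice", "tenant-ext"), ("bob", HOME_TENANT), ("carol", "tenant-ext")):
        ev.append({"type": "teams_chat", "user": u, "sender_tenant": tenant,
                   "ts": t0 + timedelta(minutes=25)})
    ev.append({"type": "ext_install", "user": "alice", "ts": t0 + timedelta(minutes=40)})
    return ev

if __name__ == "__main__":
    print(correlate(sample_events()))
```

Only the user who saw all three stages is flagged as high; a flood followed by an internal chat, or an external chat with no preceding flood, produces no alert.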
These attacks are part of a larger trend PYMNTS covered last week, one that sees hackers “logging in” rather than breaking in.
“Cybercriminals ranging from state actors to industrialized ransomware syndicates are converging on the same strategic truth: the shortest path into a target is often through the digital relationships that help the target function,” that report said.
“The fulcrum of enterprise cybersecurity is no longer the company laptop or data center,” PYMNTS added. It is the software-as-a-service layer between employees and the systems that matter most. These vulnerabilities have gone from being side channels to the main terrain.
That shift can be seen in some of the most consequential criminal operations so far this year.
These include the exposure of the FBI director’s personal inbox, a breach at Mercor — an AI data vendor to OpenAI, Anthropic, and Meta — and a wide-ranging Salesforce-centered extortion wave tied to the combined capabilities of multiple hacking groups.
“Taken together, these are not just breaches,” PYMNTS wrote. “They are signals. And the signal is clear: the architecture of digital risk has fundamentally changed.”
Hackers Pose as Microsoft Support to Breach Corporate Defenses | PYMNTS.com Top World News Today.
