'An interesting evolution in tactics': Google security experts flag new cyber scam which abuses Microsoft Teams to steal your data
Date:
Mon, 27 Apr 2026 10:39:10 +0000
Description:
Hackers first create a problem then try to "solve it" by pretending to be IT helpdesk.
FULL STORY ======================================================================

- Google identifies new threat group, UNC6692, using spam floods and fake IT support messages via Microsoft Teams to trick victims
- Targets were lured to a landing page that harvested credentials and deployed a three-part malware framework themed around snow
- The toolkit includes a persistence-focused browser extension, a tunneling tool for data exfiltration, and a backdoor enabling full endpoint takeover

Google has sounded the alarm on a previously undocumented threat actor group that uses cheeky social engineering tactics to deploy a trilogy of malware.
In an in-depth report Google said it saw UNC6692 - seemingly a new collective - bombard target email inboxes with countless spam messages in a short timeframe. Soon after, they would reach out to the owner of that inbox via Microsoft Teams, through the cross-tenant feature, and introduce themselves
as IT/helpdesk officials. They would say they were tasked with fixing the
spam issue and would share a link to a landing page where the alleged fix can be found.

The 'snow' framework

Victims who follow the link are first asked to do a health check by clicking a button on the page, which prompts the user to authenticate using their email and password, which are then siphoned to the attackers' servers.
Google also noticed the login attempt never works on the first try - which is a deliberate attempt to increase perceived legitimacy and make sure victims don't share a fake or typo'd password.
After logging in, the page then performs an email integrity check, which is just a cover for what goes on in the background - the deployment of a malware framework consisting of three elements.
"By the time the user receives a 'Configuration completed successfully' message, the attacker has secured the credentials and potentially established a persistent foothold on the endpoint using these staged files," Google said in the report.
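
Added example (not from the article or from Google's report): a defender-side correlation for the lure sequence described above, flagging a user who receives a burst of inbound mail and is then messaged over Teams from an external tenant by a sender with a helpdesk-style display name. The event shapes, thresholds, tenant ids and name patterns are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
import re

# Assumed thresholds; tune them against your own mail baseline.
FLOOD_COUNT = 50                       # inbound mails ...
FLOOD_WINDOW = timedelta(minutes=30)   # ... arriving within this span count as a flood
LOOKBACK = timedelta(hours=2)          # how long after a flood a Teams contact is suspicious
HOME_TENANT = "tenant-home"            # constructed id of the organisation's own tenant
HELPDESK_RE = re.compile(r"help\s*desk|service\s*desk|it\s+support|tech(nical)?\s+support", re.I)

def had_flood(mail_times, before):
    """True if FLOOD_COUNT mails landed within FLOOD_WINDOW during the LOOKBACK before `before`."""
    recent = sorted(t for t in mail_times if before - LOOKBACK <= t <= before)
    return any(recent[i] - recent[i - FLOOD_COUNT + 1] <= FLOOD_WINDOW
               for i in range(FLOOD_COUNT - 1, len(recent)))

def find_lures(mail_events, teams_events):
    """mail_events: (user, time) tuples. teams_events: dicts with recipient, time,
    sender_tenant and sender_name. Returns (recipient, sender_name, time) alerts."""
    by_user = {}
    for user, ts in mail_events:
        by_user.setdefault(user, []).append(ts)
    alerts = []
    for ev in teams_events:
        if ev["sender_tenant"] == HOME_TENANT:
            continue                   # internal sender: not the cross-tenant pattern
        if not HELPDESK_RE.search(ev["sender_name"]):
            continue                   # external, but not posing as IT/helpdesk
        if had_flood(by_user.get(ev["recipient"], []), ev["time"]):
            alerts.append((ev["recipient"], ev["sender_name"], ev["time"]))
    return alerts

# Constructed sample data: alice is spam-flooded, bob receives normal mail volume.
T0 = datetime(2026, 1, 5, 9, 0)
SAMPLE_MAIL = ([("alice", T0 + timedelta(seconds=20 * i)) for i in range(60)]
               + [("bob", T0 + timedelta(minutes=30 * i)) for i in range(5)])
SAMPLE_TEAMS = [
    {"recipient": "alice", "time": T0 + timedelta(minutes=40),
     "sender_tenant": "tenant-ext", "sender_name": "IT Helpdesk"},
    {"recipient": "bob", "time": T0 + timedelta(minutes=40),
     "sender_tenant": "tenant-ext", "sender_name": "IT Helpdesk"},
    {"recipient": "alice", "time": T0 + timedelta(minutes=45),
     "sender_tenant": HOME_TENANT, "sender_name": "Service Desk"},
]

if __name__ == "__main__":
    for alert in find_lures(SAMPLE_MAIL, SAMPLE_TEAMS):
        print("possible helpdesk lure:", alert)
```
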
The framework is themed around snow, and contains three tools: SnowBelt, SnowGlaze, and SnowBasin.
The first is a Chromium-based extension that establishes persistence via the browser's extension registration system. The extensions are often named MS Heartbeat or System Heatbeat.
The second is a tunneler that creates an authenticated WebSocket tunnel, enabling easy communication and possible data extraction. The third one is a backdoor that allows full endpoint takeover.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/an-interesting-evolution-in-tactics-google-security-experts-flag-new-cyber-scam-which-abuses-microsoft-teams-to-steal-your-data
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)