Undisclosed organization
December 1, 2025
•[ email bombing, Microsoft Teams impersonation, Snow malware ]
UNC6692 used email bombing and Microsoft Teams helpdesk impersonation to deliver the Snow malware suite, moved laterally through the victim environment, reached domain controllers, extracted the Active Directory database and registry hives with FTK Imager, and exfiltrated the files using LimeWire.
