Your inbox just got bombed with thousands of spam emails. A minute later, "IT" messages you on Microsoft Teams to help fix it. That's the trap.

Google's Mandiant team just published the breakdown. They're calling the group UNC6692, which has been running this playbook against companies since December 2025: email-bomb the target, pose as IT helpdesk over Microsoft Teams via outside chat invites, then get the victim to run a fake patch called "Mailbox Repair and Sync Utility."

That patch silently installs SNOWBELT, a malicious Chromium browser extension on Edge, which pulls in SNOWGLAZE (a tunneler that gives the attackers a quiet pipe into the corporate network) and SNOWBASIN (a full backdoor with screenshots and remote command execution).

Most of the targets so far have been senior employees, because their access puts the attacker much closer to the file servers, domain controllers, and credentials they actually want.

Sources:
https://cloud.google.com/blog/topics/threat-intelligence/unc6692-social-engineering-custom-malware
https://www.bleepingcomputer.com/news/security/threat-actor-uses-microsoft-teams-to-deploy-new-snow-malware/

More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday.
