JUMPSEAT
AEROSPACE NEWS

UNC6692 Threat Actor Combines Social Engineering, Malware

Key Takeaways
  • UNC6692 threat actor uses social engineering and custom malware.
  • Abuses legitimate cloud infrastructure like AWS S3 buckets.
  • Utilizes Microsoft Teams for phishing.
  • Installs malicious Chromium browser extension.
Strategic Implications

This campaign may indicate a growing trend of financially motivated threat actors leveraging cloud infrastructure and social engineering, which could pose significant challenges for defenders. The use of custom malware and legitimate cloud services suggests a high level of sophistication, which may signal a shift in the threat landscape.


What Happened

Newly Tracked Group Abuses Cloud Infrastructure And Custom Malware

A newly discovered threat actor, tracked as UNC6692, is using a combination of social engineering techniques, abuse of legitimate cloud infrastructure, and custom malware to conduct a multipronged campaign. The threat actor, which is believed to be financially motivated, has been observed using Microsoft Teams, AWS S3 buckets, and custom ‘Snow’ malware. According to a blog post by Google Threat Intelligence Group and Mandiant, the attack chain involves a multistage intrusion campaign, including the installation of a malicious Chromium browser extension and the use of a Python tunneler. This was first reported by Dark Reading.
