UNC6692 Group Uses Social Engineering to Deploy Custom Malware

Google Threat Intelligence identified UNC6692, a new threat group conducting multi-stage attacks using social engineering and custom malware. The campaign began with mass emails to overwhelm targets, followed by phishing messages via Microsoft Teams impersonating IT helpdesk staff. Victims were tricked into clicking links for fake email spam patches, which downloaded malicious AutoHotkey binaries from AWS S3 buckets. The attackers exploited trust in enterprise software to achieve deep network penetration. This demonstrates evolving tactics combining social manipulation with modular malware and browser extensions to compromise organizational security. Source: Google Threat Intelligence Group.
Original reporting by RSS: Mandiant Blog. We only summarise, never republish.