A new cyberattack campaign has been discovered in which hackers are misusing a trusted workplace tool, Microsoft Teams, to spread malware. This attack has been linked to a threat group known as UNC6692. Instead of relying only on phishing emails, attackers are now directly contacting employees through Teams. This makes the attack look more genuine and harder to suspect. As a result, many users may not realize they are being targeted.

According to security researchers, the attackers first create panic by sending a large number of spam emails to the victim. This technique is known as email bombing and is used to overwhelm the user. The sudden flood of emails creates confusion and stress in the victim’s mind. Because of this, the user becomes more likely to accept help from anyone offering a solution. This psychological trick is an important part of the attack.

After the email bombing, the attacker reaches out to the victim through Microsoft Teams. They pretend to be a member of the IT helpdesk and offer to fix the issue. Since Teams is commonly used for official communication, the message appears trustworthy. The victim often believes that the help is genuine and follows the instructions given. This shows how attackers are now exploiting trust instead of system weaknesses.
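The sequence described above (a mail flood followed by an external "helpdesk" chat) can be turned into a correlation rule. The following is an added example, not code from the researchers or from this article; the event field names, thresholds, addresses and sample events are constructed assumptions rather than a vendor log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tuning values; adjust to the organisation's normal mail volume.
BURST_THRESHOLD = 50                   # inbound mails to one user ...
BURST_WINDOW = timedelta(minutes=30)   # ... inside this sliding window
FOLLOWUP_WINDOW = timedelta(hours=2)   # chat must follow the burst this closely
HELPDESK_WORDS = ("help desk", "helpdesk", "it support", "service desk")

def find_bursts(mail_events):
    """Return {recipient: [times at which the sliding window held a burst]}."""
    by_user = defaultdict(list)
    for ev in mail_events:
        by_user[ev["recipient"]].append(ev["time"])
    bursts = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > BURST_WINDOW:
                start += 1             # drop mails older than the window
            if end - start + 1 >= BURST_THRESHOLD:
                bursts.setdefault(user, []).append(t)
    return bursts

def correlate(mail_events, chat_events):
    """Alert on external helpdesk-named chats that follow a mail burst."""
    bursts = find_bursts(mail_events)
    alerts = []
    for c in chat_events:
        name = c["sender_display_name"].lower()
        if not c["sender_external"] or not any(w in name for w in HELPDESK_WORDS):
            continue
        for b in bursts.get(c["recipient"], []):
            if timedelta(0) <= c["time"] - b <= FOLLOWUP_WINDOW:
                alerts.append((c["recipient"], c["sender"], c["time"]))
                break
    return alerts

# Constructed sample events (hypothetical schema).
T0 = datetime(2025, 1, 6, 9, 0)
ALICE, BOB = "alice@corp.example", "bob@corp.example"
MAIL = ([{"recipient": ALICE, "time": T0 + timedelta(seconds=20 * i)} for i in range(60)]
        + [{"recipient": BOB, "time": T0 + timedelta(minutes=10 * i)} for i in range(5)])
def chat(to, sender, name, external, minutes):
    return {"recipient": to, "sender": sender, "sender_display_name": name,
            "sender_external": external, "time": T0 + timedelta(minutes=minutes)}
CHAT = [chat(ALICE, "agent@external.example", "IT Help Desk", True, 35),
        chat(BOB, "agent@external.example", "IT Help Desk", True, 35),
        chat(ALICE, "carol@corp.example", "Carol (IT Support)", False, 40)]
print(correlate(MAIL, CHAT))
```

Only the external chat to the flooded mailbox is flagged; the same sender contacting a user with normal mail volume, and the internal IT colleague, are not.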

The attacker then asks the victim to click on a link or install a tool to solve the problem. However, this action actually starts the malware infection process. Following the link runs malicious scripts that begin installing harmful components on the system. The victim usually does not notice anything unusual at this stage, which makes the attack silent and effective.

The malware used in this campaign is called “Snow” and it is not just a single program. It is a complete suite of tools designed to take control of the system. It includes a malicious browser extension, tunneling tools, and a backdoor for remote access. One of its components, known as SnowBelt, runs in a hidden browser environment. This makes it very difficult for users to detect any suspicious activity.

Once installed, the malware allows attackers to perform multiple harmful actions. They can steal login credentials and gain unauthorized access to accounts. The attackers can also move across different systems within the organization. In some cases, they may even gain full control over the network domain. This level of access can lead to serious data breaches.

This attack is particularly dangerous because it does not rely on technical vulnerabilities. Instead, it focuses on manipulating human behavior and trust. Employees are used to receiving support messages from IT teams on platforms like Teams. Attackers use this familiarity to trick users into cooperating. Because of this, traditional security systems may not detect the threat easily.

Security experts warn that collaboration platforms like Microsoft Teams are becoming a new target for cyberattacks. Attackers are shifting from email-based phishing to real-time communication methods. This makes attacks more interactive and convincing for victims. Organizations need to improve both technical security and employee awareness. Proper training can help users recognize and avoid such threats in the future.

Stay alert, and keep your security measures updated!
