CyberheistNews Vol 16 #19 Crafty Criminals Continue to Pose as Help Desks in Social Engineering Attacks
KnowBe4, Tuesday, May 12th, 2026
Google researchers track UNC6692 threat actors impersonating IT help desks via Teams to distribute malware through phishing pages.
Google's Threat Intelligence Group has identified a threat actor tracked as UNC6692 that impersonates IT help desks to trick users into installing malware. The attackers send spam emails, then contact victims via Microsoft Teams offering help, directing them to a fake "Mailbox Repair Utility" phishing page designed to harvest credentials through psychological manipulation tactics.
The campaign demonstrates how modern attackers blend social engineering with technical evasion, leveraging legitimate cloud services for malware delivery and command-and-control infrastructure to bypass traditional security filters.