Google Threat Intelligence Group identified UNC6692's multistage intrusion combining social engineering, custom malware, and lateral movement.
- Microsoft Teams-based social engineering delivered an AutoHotkey binary and the SNOWBELT malicious Chromium extension
- SNOWBELT persistence via scheduled tasks, startup shortcuts, and headless Microsoft Edge process execution
- Python network scanning (ports 135, 445, 3389) and PsExec tunneling enabled lateral movement
- LSASS memory extraction and Pass-the-Hash for domain controller privilege escalation
- Active Directory database dumping (NTDS.dit, SAM, SYSTEM, SECURITY) via FTK Imager for exfiltration
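Two of the behaviours above (headless Edge launched with a side-loaded extension, and one host sweeping ports 135/445/3389 across many peers) are easy to express as detection logic over endpoint telemetry. The script below is an added example written for this summary, not code from Google Threat Intelligence Group or from the original article; the process and network events it checks are constructed samples, and the field layout, thresholds (5 distinct targets within 60 seconds) and the choice of the `--headless` / `--load-extension` Chromium flags as the persistence signal are assumptions, not indicators published for SNOWBELT.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry modelled on the TTPs in the summary (not real article data).
PROCESS_EVENTS = [
    # (timestamp, host, image path, command line)
    ("2024-01-01T09:00:01", "WS01",
     r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"msedge.exe" --headless=new --load-extension="C:\Users\u\AppData\Roaming\ext"'),
    ("2024-01-01T09:05:00", "WS01",
     r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"msedge.exe" https://example.com'),
    # Headless without a side-loaded extension: common automation, not flagged here.
    ("2024-01-01T09:06:00", "WS02",
     r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"msedge.exe" --headless=new --screenshot https://example.com'),
]

# (timestamp, source host, destination IP, destination port); WS01 sweeps 8 peers
# on all three lateral-movement ports within a few seconds, WS02 is normal traffic.
NETWORK_EVENTS = [
    (f"2024-01-01T09:10:{i:02d}", "WS01", f"10.0.0.{i + 1}", port)
    for i in range(8) for port in (135, 445, 3389)
] + [
    ("2024-01-01T09:12:00", "WS02", "10.0.0.50", 445),
    ("2024-01-01T09:12:05", "WS02", "10.0.0.51", 443),
]

LATERAL_PORTS = {135, 445, 3389}  # RPC, SMB, RDP, as listed in the summary


def flag_headless_edge(events):
    """Return (host, cmdline) for msedge.exe started headless with a side-loaded extension.

    Requiring both flags keeps ordinary headless automation (screenshots, PDF export)
    out of the alert; --load-extension is what a dropped extension needs to run
    without going through the store or enterprise policy.
    """
    hits = []
    for _ts, host, image, cmdline in events:
        if image.rsplit("\\", 1)[-1].lower() != "msedge.exe":
            continue
        tokens = [t.lower() for t in cmdline.split()]
        headless = any(t.startswith("--headless") for t in tokens)
        sideload = any(t.startswith("--load-extension") for t in tokens)
        if headless and sideload:
            hits.append((host, cmdline))
    return hits


def flag_port_sweeps(events, ports=LATERAL_PORTS, min_targets=5, window_seconds=60):
    """Return {source_host: max distinct targets} for hosts that contacted at least
    min_targets distinct peers on the watched ports inside any window_seconds window.

    A sliding window over the time-sorted events keeps the check linear per source.
    """
    by_src = defaultdict(list)
    for ts, src, dst, port in events:
        if port in ports:
            by_src[src].append((datetime.fromisoformat(ts), dst))

    alerts = {}
    for src, hits in by_src.items():
        hits.sort()
        lo = 0
        for hi in range(len(hits)):
            # Advance the window start until it fits within window_seconds of hits[hi].
            while (hits[hi][0] - hits[lo][0]).total_seconds() > window_seconds:
                lo += 1
            targets = {dst for _, dst in hits[lo:hi + 1]}
            if len(targets) >= min_targets:
                alerts[src] = max(alerts.get(src, 0), len(targets))
    return alerts


if __name__ == "__main__":
    for host, cmd in flag_headless_edge(PROCESS_EVENTS):
        print(f"[persistence] headless Edge with side-loaded extension on {host}: {cmd}")
    for src, n in flag_port_sweeps(NETWORK_EVENTS).items():
        print(f"[lateral movement] {src} contacted {n} hosts on {sorted(LATERAL_PORTS)}")
```

In a real deployment the process events would come from Sysmon event ID 1 or an EDR process-creation stream and the network events from Sysmon event ID 3, firewall or NetFlow logs; the sweep threshold should be tuned against the environment's baseline, since vulnerability scanners and management servers legitimately touch these ports on many hosts.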
This summary was automatically generated by AI based on the original article and may not be fully accurate.