top of page
ALL POSTS
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Distribute SNOW Malware
Key Findings UNC6692 is a previously undocumented threat group using Microsoft Teams to impersonate IT helpdesk staff and deploy custom SNOW malware Attack chain begins with email bombing campaigns followed by Teams-based social engineering to build false urgency Victims are tricked into clicking phishing links that download AutoHotkey scripts deploying SNOWBELT browser extension SNOW malware ecosystem is modular, including SNOWBELT backdoor, SNOWGLAZE tunneler, and SNOWBASIN
Apr 242 min read
n8n Webhooks Exploited Since October 2025 in Malware Distribution Campaign
Key Findings Threat actors have weaponized n8n webhooks since October 2025 to deliver malware and fingerprint devices through phishing campaigns Malicious emails containing n8n webhook URLs appear legitimate because they originate from trusted n8n domains Email volume containing these URLs increased 686% from January 2025 to March 2026 Two primary attack methods observed: malware delivery via fake document links and device fingerprinting using invisible tracking pixels Attack
Apr 162 min read
Lazarus Hackers Use Real US LLCs to Distribute Malware in GraphAlgo Scam
Key Findings North Korea-linked Lazarus Group registered legitimate US LLC to distribute malware targeting blockchain developers Hackers created fake company "Blocmerce" in Florida with fabricated CEO and official state filings using real residential addresses GraphAlgo campaign evolved from npm package distribution to hiding malware in GitHub release artifacts Remote Access Trojan (RAT) deployed after developers run test tasks, giving attackers full machine control Campaign
Apr 112 min read
bottom of page
