A multistage intrusion campaign by UNC6692 leveraged social engineering via Microsoft Teams to deploy a custom modular malware suite, including a malicious Chromium browser extension (SNOWBELT). The attack involved impersonating IT helpdesk staff,诱导用户安装本地补丁, and establishing persistence through AutoHotKey scripts and scheduled tasks.
