UNC6783 is a threat actor Google tracks for targeting BPOs to steal Zendesk tickets from big companies, using phishing and social engineering for extortion.

How do UNC6783 hackers target Zendesk?

They spoof Zendesk domains in live chats, push fake Okta logins that steal clipboard MFA codes, and sometimes drop malware via bogus updates.

How to stop UNC6783 attacks?

Deploy FIDO2 keys, monitor chats, block spoofed domains, audit MFA enrollments, and vet BPOs like they're your own staff.

🔓 Data Breaches

UNC6783 Hackers Are Pillaging Zendesk Tickets from Dozens of Firms

Dozens of companies just got exposed. UNC6783 hackers are raiding Zendesk tickets via compromised BPOs, turning customer support into a goldmine for extortion.

theAIcatchup Apr 09, 2026 3 min read

Hackers infiltrating Zendesk support tickets via compromised BPO networks

⚡ Key Takeaways

UNC6783 exploits BPOs to access Zendesk tickets from dozens of firms via phishing and social engineering. 𝕏
Clipboard-stealing kits bypass MFA; FIDO2 hardware keys are a must. 𝕏
Audit vendors ruthlessly—outsourcing security is a myth. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#BPO compromise #UNC6783 #Zendesk phishing #social engineering extortion

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Dozens of Elite Corporations Rocked by UNC6783's Helpdesk Phishing Onslaught

Helpdesk Hell: Google's UNC6783 Warning Exposes BPO Phishing Plague

Hackers Are Storming the Backdoor: Google's Warning on BPO Data Heists

MyLovely.AI's Massive Leak: 113K Explicit Prompts Tied to User IDs

Stay in the loop