UNC6783 is a threat actor flagged by Google Threat Intelligence , specializing in phishing BPOs to steal corporate data for extortion. Linked to 'Mr. Raccoon' and the Adobe breach claim.

How does UNC6783 bypass MFA in BPO attacks?

They use phishing kits that steal clipboard contents during MFA prompts, plus fake Okta/Zendesk pages to capture creds smoothly.

Are BPOs safe for my company's data?

Not without upgrades — audit access, enforce zero-trust, and drill staff. Google's warning shows they're prime targets.

🎯 Threat Intelligence

Hackers Are Storming the Backdoor: Google's Warning on BPO Data Heists

What if your most sensitive corporate secrets weren't stolen from your own servers — but from the offshore team handling your helpdesk? Google's latest alert on UNC6783 reveals this nightmare unfolding right now.

theAIcatchup Apr 09, 2026 4 min read

Cyber hackers targeting BPO helpdesk via phishing for corporate data theft

⚡ Key Takeaways

UNC6783 targets BPOs via sophisticated phishing, bypassing MFA with clipboard-stealing kits for data extortion. 𝕏
Linked to 'Mr. Raccoon' who claimed Adobe data theft from an Indian BPO. 𝕏
Defense: Zero-trust for outsourcers, employee training, and proactive threat hunting to avoid supply-chain breaches. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#BPO phishing #Google Threat Intelligence #UNC6783 #data extortion

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by SecurityWeek

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Helpdesk Hell: Google's UNC6783 Warning Exposes BPO Phishing Plague

Google's Strike on IPIDEA: Proxy Empire Crumbles

Dozens of Elite Corporations Rocked by UNC6783's Helpdesk Phishing Onslaught

UNC6783 Hackers Are Pillaging Zendesk Tickets from Dozens of Firms

Stay in the loop