What is UNC6783 and how does it attack BPOs?

UNC6783 is a financially motivated hacking group using live chat social engineering to phish credentials from helpdesks and BPOs, stealing data for extortion via fake Okta pages and malware.

How to protect helpdesks from UNC6783 phishing?

Deploy FIDO2 hardware keys, monitor chats for external links, block suspicious domains like zendesk-support[.]com, and audit MFA devices regularly.

Is UNC6783 linked to other hacker groups?

Google ties it loosely to the 'Raccoon' persona, with tactics echoing Lapsus$-style extortion via social engineering and RATs.

🎯 Threat Intelligence

Helpdesk Hell: Google's UNC6783 Warning Exposes BPO Phishing Plague

Imagine typing 'forgot password' into chat support, only for hackers to snag your credentials. Google's latest alert on UNC6783 shows BPOs are prime targets for this extortion racket.

theAIcatchup Apr 09, 2026 3 min read

Hackers targeting live chat support on a computer screen with phishing domains

⚡ Key Takeaways

UNC6783 exploits live chats at BPOs for credential theft and extortion, bypassing MFA via clipboard grabs. 𝕏
Switch to FIDO2 keys immediately—SMS and app MFA are sitting ducks. 𝕏
This isn't new; it's Lapsus$ tactics evolved for profit, hitting helpdesks hardest. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#BPO phishing #Google Threat Intelligence #UNC6783 #helpdesk extortion

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by InfoSecurity Magazine

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Hackers Are Storming the Backdoor: Google's Warning on BPO Data Heists

Google's Strike on IPIDEA: Proxy Empire Crumbles

Dozens of Elite Corporations Rocked by UNC6783's Helpdesk Phishing Onslaught

UNC6783 Hackers Are Pillaging Zendesk Tickets from Dozens of Firms

Stay in the loop