What is UNC6783 and how do they attack?

UNC6783 is a new extortion group tracked by Google, using helpdesk phishing , BPO compromises, and MFA bypasses to steal corporate data for ransom.

Did UNC6783 breach Adobe?

Likely yes—Mr. Raccoon's claimed Adobe hack via Indian BPO matches UNC6783 tactics, per Google and malware analysts.

How can companies stop helpdesk phishing?

Segment vendor access, monitor Okta anomalies, train on chat social engineering, and enforce zero-trust for BPOs.

🔓 Data Breaches

Dozens of Elite Corporations Rocked by UNC6783's Helpdesk Phishing Onslaught

Several dozen high-value corporations just got phished through their own helpdesks. Google's calling out UNC6783, a slick extortion crew that's turning support chats into backdoors.

theAIcatchup Apr 09, 2026 3 min read

Cyber attackers phishing corporate helpdesk chat interface with spoofed Okta login

⚡ Key Takeaways

UNC6783 targeted dozens of high-value firms via BPO and helpdesk phishing, bypassing MFA with clipboard stealers. 𝕏
Adobe breach claim by Mr. Raccoon aligns perfectly with UNC6783 tactics, stealing millions of tickets. 𝕏
BPO vulnerabilities mirror past attacks like Scattered Spider; expect escalation as cloud adoption grows. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#BPO attacks #UNC6783 #extortion crew #helpdesk phishing

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Register Security

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

UNC6783 Hackers Are Pillaging Zendesk Tickets from Dozens of Firms

Helpdesk Hell: Google's UNC6783 Warning Exposes BPO Phishing Plague

Hackers Are Storming the Backdoor: Google's Warning on BPO Data Heists

MyLovely.AI's Massive Leak: 113K Explicit Prompts Tied to User IDs

Stay in the loop