Snow Job: How UNC6692 Uses Email Floods and Fake IT Support to Plant Its 'Snow' Malware
Remember when we thought email phishing was the peak of sophisticated social engineering? Think again. UNC6692 just rewrote the playbook, proving the old tricks, when combined with a relentless barrage, can still make for a nasty surprise.
⚡ Key Takeaways
- UNC6692 employs 'email bombing' and social engineering, impersonating IT support, to deploy the 'Snow' malware.
- The 'Snow' malware framework consists of Snowbelt, Snowglaze, and Snowbasin, facilitating initial access, lateral movement, and data exfiltration.
- Attackers use trusted cloud platforms like AWS S3 and obscure tools like LimeWire for command and control and data exfiltration, making detection difficult.
Originally reported by SecurityWeek