Google's Threat Intelligence Group has identified a new threat actor, UNC6783, targeting business process outsourcing (BPO) providers to breach high-value companies. The group uses social engineering, phishing campaigns, and spoofed Okta login pages on Zendesk-pattern domains to steal credentials and bypass MFA. After gaining access, they exfiltrate sensitive data and extort victims via ProtonMail. UNC6783 may be linked to a persona called 'Mr. Raccoon,' who claimed responsibility for breaches at Adobe and Crunchyroll, allegedly stealing 13 million support tickets. Mandiant recommends FIDO2 security keys, live chat monitoring, and regular MFA device audits as defenses.