UNC6783 is targeting business process outsourcing (BPO) companies as a pathway to infiltrate major organizations, using phishing, social engineering, live-chat impersonation, and fake updates to steal sensitive data and deploy remote access malware. Google’s analysis and Mandiant recommendations emphasize measures such as FIDO2 hardware keys, live-chat monitoring, blocking Zendesk-like domains, and auditing MFA device registrations to reduce risk. #UNC6783 #Raccoon
Key points
- UNC6783 focuses on compromising BPO providers to reach larger enterprise targets.
- Phishing, social engineering, and live-chat manipulation are primary intrusion methods.
- Attackers deploy Okta-like fake login pages hosted on Zendesk-imitating domains to capture credentials.
- The phishing toolkit can capture clipboard data and serve fake updates that install remote access malware.
- Recommended defenses include FIDO2 hardware keys, monitoring live chat, blocking spoof domains, and reviewing MFA device registrations.
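As an added example (not code from the article, Google, or Mandiant), a small Python check that flags hostnames imitating Zendesk or Okta in constructed proxy-log lines, so they can be reviewed or added to a block list. The legitimate apex domains, the log format, and the one-character typosquat threshold are assumptions.

```python
import re
from urllib.parse import urlsplit

# Brands the summary names; the legitimate apex domains are an assumption for this
# example (extend the allow-list with tenants such as oktapreview.com as needed).
BRANDS = ("zendesk", "okta")
LEGIT_APEX = {"zendesk.com", "okta.com"}

def _edit_distance(a: str, b: str) -> int:
    # Plain Levenshtein distance, used to catch one-character typosquats.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host: str) -> bool:
    # True when a label imitates a protected brand but the host is not the brand's own apex.
    host = host.lower().rstrip(".")
    if ".".join(host.split(".")[-2:]) in LEGIT_APEX:
        return False
    for label in re.split(r"[.-]", host):
        for brand in BRANDS:
            if brand in label or (len(label) >= 4 and _edit_distance(label, brand) <= 1):
                return True
    return False

def flag_lookalike_hosts(log_lines):
    # Return distinct suspicious hosts from proxy-style lines that contain a URL.
    hits = []
    for line in log_lines:
        m = re.search(r"https?://[^\s\"]+", line)
        host = urlsplit(m.group(0)).hostname if m else None
        if host and is_lookalike(host) and host not in hits:
            hits.append(host)
    return hits

# Constructed sample proxy-log lines (not real traffic).
SAMPLE_LOG = [
    "2024-05-01T10:01:02Z user=a.smith GET https://support.zendesk.com/hc/en-us 200",
    "2024-05-01T10:02:10Z user=a.smith GET https://login.zendesk-helpdesk.net/okta/signin 200",
    "2024-05-01T10:03:44Z user=b.jones GET https://acme.okta.com/app/UserHome 200",
    "2024-05-01T10:04:12Z user=b.jones GET https://zemdesk-support.com/update.exe 200",
    "2024-05-01T10:05:00Z user=c.lee GET https://example.com/ 200",
]

if __name__ == "__main__":
    print(flag_lookalike_hosts(SAMPLE_LOG))  # ['login.zendesk-helpdesk.net', 'zemdesk-support.com']
```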
Read More: https://thecyberexpress.com/unc6783-bpo-providers-as-cyberattack-gateways/