Google threat intelligence issues critical warning on new extortion crew targeting global enterprises
- Marijan Hassan - Tech Journalist
Google’s Threat Intelligence Group (GTIG) has issued an urgent advisory regarding a sophisticated new extortion crew, currently tracked as UNC6783, which is systematically targeting high-value corporations across multiple sectors including technology, finance, and manufacturing.

The "helpdesk" infiltration tactic
According to principal threat analyst Austin Larsen, UNC6783 utilizes a highly refined social engineering strategy that bypasses traditional technical defenses. The group specializes in "Live Chat Hijacking," where they pose as legitimate employees or IT support staff on platforms like Zendesk to direct victims to spoofed Okta login pages.
By leveraging custom phishing kits, the crew is able to:
- Steal clipboard contents: intercepting sensitive data as users copy and paste credentials.
- Bypass MFA: enrolling their own rogue devices into a victim's environment immediately after capturing a login session.
- Maintain persistent access: using stolen credentials from Business Process Outsourcing (BPO) firms to pivot directly into the networks of their high-value corporate clients.
Links to "Mr. Raccoon" and Adobe Breach
Security researchers suggest that UNC6783 may be linked to the "Mr. Raccoon" persona, an actor who recently claimed responsibility for a massive Adobe breach. In that incident, the attacker allegedly exfiltrated 13 million support tickets and 15,000 employee records by first compromising a third-party support provider in India.
The group’s signature move involves delivering ransom notes via Proton Mail after a successful data theft, threatening to leak sensitive internal documents and HackerOne vulnerability submissions if their demands are not met.
The emergence of UNC6783 aligns with Google’s Cybersecurity Forecast 2026, which identifies data theft and multifaceted extortion as the most financially disruptive category of cybercrime this year.
Mitigation Steps
Google recommends that organizations:
- Audit Managed File Transfer (MFT) systems: these have become "Ground Zero" for high-volume data exfiltration.
- Harden helpdesk protocols: implement strict out-of-band verification for any live chat requests involving credential resets or login issues.
- Monitor virtualization infrastructure: attackers are increasingly pivoting to hypervisors to render entire digital estates inoperable within hours.