Snow Malware Suite Turns Microsoft Teams Into a Help Desk Trap

GroupUNC6692 (financially motivated cluster, attribution unconfirmed beyond Mandiant tracking ID)TypeModular custom malware suite, browser extension plus Python tunneler plus Python backdoorMalwareSNOWBELT (Chromium extension), SNOWGLAZE (WebSocket and SOCKS tunneler), SNOWBASIN (local HTTP backdoor)DeliveryEmail bombing followed by Microsoft Teams impersonation of internal IT helpdesk staffScore7.5 High. Active campaign, novel