UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
The Hacker News·60-word summary·1 min read
Cybersecurity researchers identified UNC6692, a threat group using social engineering via Microsoft Teams to deploy SNOW malware. The group impersonates IT helpdesk staff, convincing victims to accept chat invitations from malicious accounts. The campaign highlights evolving tactics in social engineering attacks leveraging popular collaboration tools, with ongoing investigations into the threat actor.
Lido proposes allocating up to $5.8 million in staked ETH to cover a shortfall caused by last week's $292 million exploit on Kelp DAO’s rsETH bridge. The proposal aims to stabilize the ecosystem and prevent further losses, highlighting ongoing risks in DeFi security and the importance of contingency funds for large-scale exploits.
Lido Finance has flagged a 9% exposure to rsETH following the KelpDAO exploit, which has impacted rsETH markets. On April 23, 2026, Lido paused EarnETH withdrawals to limit risk amid the liquidity crunch. The firm confirmed limited exposure and deployed safeguards as the fallout from the KelpDAO breach continues to spread across DeFi platforms.
UK Prime Minister Keir Starmer has warned of potential foreign-backed proxy attacks targeting political institutions, amid rising concerns over foreign interference and political instability. The warning, issued on April 23, 2026, emphasizes the need for enhanced security measures to counteract these threats, which could complicate legislative efforts and increase instability within the UK’s political landscape.
The US Treasury has sanctioned Cambodian senator Kok An, alleging his involvement in a large-scale crypto scam network. The sanctions, announced on April 23, 2026, target An’s resorts and casinos, which are accused of facilitating the illegal operation. This move highlights ongoing efforts to combat crypto-related financial crimes linked to political figures.
Aave has launched the 'DeFi United' Relief Fund to restore rsETH backing following the Kelp exploit. Lido is the first to participate, proposing up to 2,500 stETH as part of the effort. The initiative aims to stabilize the affected assets and reinforce security within the DeFi ecosystem after the security breach.
Trigona ransomware attacks now employ a custom command-line exfiltration tool to enhance data theft efficiency. The attacks, observed recently, demonstrate an evolution in their tactics, allowing faster and more effective data exfiltration from compromised systems. This development highlights ongoing security challenges in the Web3 space, emphasizing the need for robust defenses against sophisticated ransomware threats.
