APT / THREAT GROUP

UNC6692

1
aliases
Last seen:May 2, 2026

Intelligence Profile

UNC6692 is a threat actor that employs social engineering tactics, such as impersonating IT helpdesk personnel, to gain initial access to victim environments. They utilize a custom modular malware suite, including components like SNOWBELT, SNOWGLAZE, and SNOWBASIN, to facilitate deep network penetration and lateral movement. After extracting credentials from the LSASS process memory, they leverage Pass-The-Hash techniques to authenticate to domain controllers and exfiltrate sensitive data using LimeWire. The campaign highlights the systematic abuse of legitimate cloud services for payload delivery and command-and-control infrastructure.

Threat Analysis

UNC6692 is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning UNC6692

External References

Quick Facts

TypeAPT / Threat Group
Aliases1
SourceMalpedia

Also Known As

UNC6692

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.