UNC6783 is actively targeting support teams through spoofed Zendesk domains and social engineering to steal support tickets for extortion, with the threat actor using phishing kits that bypass MFA by stealing clipboard contents and deploying remote access malware. Google Mandiant recommends implementing FIDO2 security keys, monitoring live chat for abuse, blocking spoofed Zendesk-pattern domains, and auditing MFA device enrollments to defend against these attacks.
Google: New UNC6783 hackers steal corporate Zendesk support tickets BleepingComputer
A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. [...]