Attackers Continue to Pose as Help Desks in Social Engineering Attacks

### Executive Summary: Google Threat Intelligence Group (GTIG) reports that a threat actor tracked as UNC6692 is running a campaign that impersonates IT helpdesk personnel via mass spam and Microsoft Teams to lure victims to a phishing "Mailbox Repair Utility," harvest credentials (using a "double-entry" trick), and install custom malware and a malicious browser extension while hosting components on trusted cloud services for delivery and C2.