Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations

This report provides prioritized proactive hardening recommendations to defend against UNC6040 activity targeting SaaS applications via social engineering and vendor-impersonation. It outlines robust identity verification (live video proofing, out-of-band checks), identity provider controls (SSO, phishing-resistant MFA, device trust), automated risk-based response actions, and special handling procedures for help desk and third-party vendor requests to prevent credential theft and data exfiltration.