Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite
ID: db1240e3-2329-5903-9170-482c5fd7b66f
STIX ID: report--db1240e3-2329-5903-9170-482c5fd7b66f
Feed Name: Threat Intelligence
**Executive summary:** UNC6692 leveraged SNOWBELT/SNOWGLAZE to tunnel into a victim environment, performed internal port scanning and lateral movement via PsExec and RDP, dumped LSASS memory to harvest credentials, used Pass-the-Hash to access Domain Controllers, mounted and extracted NTDS.dit and registry hives with FTK Imager, and exfiltrated sensitive data via LimeWire while capturing screens.
