The UNC6783 threat actor, potentially linked to 'Raccoon,' compromised Business Process Outsourcing (BPO) providers to target high-value companies. They utilized social engineering and phishing campaigns, including spoofed Okta login pages and fake security updates, to steal credentials, bypass MFA, deploy remote access malware, and exfiltrate sensitive data, such as 13 million support tickets from Adobe, for extortion.
Initial Access
BPO Provider Compromise
confirmed
UNC6783 compromised Business Process Outsourcing (BPO) providers to gain initial access to high-value corporate entities.
Defender cut points
Implement robust third-party risk management and security audits for BPO providers.
Enforce strict access controls and network segmentation for BPO connections.