Google Threat Intelligence Group

Google Details UNC6692’s Teams Impersonation Campaign Using ‘Snow’ Malware

The analysis says the group hid tools on trusted cloud services, making the scheme hard to detect.