EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

Google warns of new extortion campaign targeting BPOs and helpdesks

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-04-08 21:46 UTCUpdated 2026-04-09 18:24 UTC
rss
cveexploitsbreachesmalwarethreat_actorsadvisories
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
BackEvidence (4)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.
4 top sources shown
View all evidence
Overview

Google has identified a new threat group, UNC6783, likely linked to the hacker known as Mr. Raccoon, conducting phishing and social engineering attacks against business process outsourcing firms (BPOs) and helpdesks.

Entities
UNC6783Mr. Raccoon
Score total
1.34
Momentum 24h
4
Posts
4
Origins
4
Source types
1
Duplicate ratio
0%
Why now
  • The campaign is newly identified and actively targeting multiple high-value corporations.
  • Link to a known hacker persona, Mr. Raccoon, suggests a sophisticated and persistent threat.
  • Heightened awareness can help organizations mitigate risks from supply chain and helpdesk attacks.
Why it matters
  • BPOs and helpdesks are critical attack vectors for accessing corporate networks.
  • Phishing and social engineering remain effective methods for threat actors to breach enterprises.
  • Enterprises must strengthen security controls around third-party service providers to prevent data theft and extortion.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
  • UNC6783 targets BPOs and helpdesks using phishing and social engineering to steal corporate data and extort companies
How sources frame it
  • Google Threat Intelligence: neutral
  • Infosecurity Magazine: neutral
  • SC Media: neutral
  • The Register Security: neutral
All evidence
All evidence
'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree
The Register Security · go.theregister.com · 2026-04-09 17:11 UTC
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
SecurityWeek · securityweek.com · 2026-04-09 09:44 UTC
Google Warns of New Threat Group Targeting BPOs and Helpdesks
Infosecurity Magazine · infosecurity-magazine.com · 2026-04-09 08:35 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -
Showing 4 / 0
Top publishers (this list)
  • SC Media (1)
  • The Register Security (1)
  • SecurityWeek (1)
  • Infosecurity Magazine (1)
Top origin domains (this list)
  • scworld.com (1)
  • go.theregister.com (1)
  • securityweek.com (1)
  • infosecurity-magazine.com (1)