Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
UNC6671 is involved in credential harvesting operations, utilizing vishing tactics to impersonate IT staff and directing victims to enter credentials on a victim-branded site. They have gained access to Okta customer accounts and employed PowerShell to download sensitive data from SharePoint and OneDrive. Their extortion tactics include aggressive harassment of victim personnel, and they have used unbranded extortion emails with different Tox IDs for communication. The threat actors have shown a preference for registering domains with Tucows, indicating potential operational differences from related threat groups.
No exploited CVEs have been attributed to this threat actor yet.
Browse CVE Database