Apr 08, 2026 • Bill Toulas
Google: New UNC6783 hackers steal corporate Zendesk support tickets
Threat actor UNC6783 is conducting supply chain attacks by compromising business process outsourcing (BPO) providers to gain unauthorized access to high-value...
Executive Summary
Threat actor UNC6783 is conducting supply chain attacks by compromising business process outsourcing (BPO) providers to gain unauthorized access to high-value corporate networks across multiple sectors. The attackers specifically target Zendesk support ticket systems, which often contain sensitive authentication credentials, password reset links, and confidential business communications. This indirect attack methodology allows adversaries to bypass direct security controls by exploiting trusted third-party relationships. Organizations should audit their BPO vendor access controls, enforce least privilege principles for support systems, and implement additional verification for ticket-based authentication flows. The campaign demonstrates the continued risk of supply chain attacks targeting trusted service providers.
Summary
A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. [...]
Published Analysis
Threat actor UNC6783 is conducting supply chain attacks by compromising business process outsourcing (BPO) providers to gain unauthorized access to high-value corporate networks across multiple sectors. The attackers specifically target Zendesk support ticket systems, which often contain sensitive authentication credentials, password reset links, and confidential business communications. This indirect attack methodology allows adversaries to bypass direct security controls by exploiting trusted third-party relationships. Organizations should audit their BPO vendor access controls, enforce least privilege principles for support systems, and implement additional verification for ticket-based authentication flows. The campaign demonstrates the continued risk of supply chain attacks targeting trusted service providers. A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. [...] A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. [...]
Linked Entities
- UNC6783