From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Multiple Vulnerabilities in Redis
January 7, 2025
Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk. CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ...
- EAGERBEE, with updated and novel components, targets the Middle East
January 6, 2025
In recent investigation into the EAGERBEE backdoor, kaspersky researchers found that it was being deployed at ISPs and governmental entities in the Middle East. The researchers analysis uncovered new components used in these attacks, including a novel service injector designed to inject the backdoor into a running service. Additionally, Kaspersky team discovered previously undocumented components (plugins) ...
- New Orleans attacker filmed visits to city weeks earlier, wore Meta smart glasses during attack
January 5, 2025
The New Orleans terrorist attacker visited the Louisiana city twice in the weeks before the attack and recorded video of the area using Meta smart glasses, the FBI revealed Sunday. Shamsud-Din Jabbar, 42, stayed at a rental home in New Orleans at the end of October and again in November, just weeks prior to his attack ...
- Don’t Click Twice – New Chrome, Edge, Safari Hack Attack Warning
January 5, 2025
Hundreds of millions of web users have been warned about a new and dangerous cyber attack that doesn’t care what browser you use—as long as you click twice. Here’s everything you need to know about the double-clickjacking hack attack. Application security and client-side offensive exploit researcher Paulos Yibelo, with a long history of discovering vulnerabilities and ...
- What We Know About CVE-2024-49112 and CVE-2024-49113
January 4, 2025
In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with a 9.8 CVSS score, and CVE-2024-49113, a denial-of-service (DoS) flaw with a 7.5 CVSS score. This blog entry provides an overview of these two vulnerabilities and includes information that ...
- A Windows filetype update may have complicated cyber threat detection efforts
January 4, 2025
The use of archive files as malware delivery mechanisms is evolving, presenting challenges for Secure Email Gateways (SEGs), new research has claimed. A recent report by Cofense highlights how cybercriminals exploit various archive formats to bypass security protocols, particularly following a significant update to Windows in late 2023. Traditionally, .zip files have been the most common ...