From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FBI: 2023 Top Routinely Exploited Vulnerabilities
November 12, 2024
In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities ...
- ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI
November 12, 2024
In the race to gain a competitive edge, organizations are increasingly training artificial intelligence (AI) models on sensitive data. But what if a seemingly harmless AI model became a gateway for attackers? A malicious actor could upload a poisoned model to a public repository, and without realizing it, your team could deploy it in your environment. ...
- Tracking the recent activities of the APT-Q-27
November 12, 2024
Overview In May 2022, Qi’anxin Threat Intelligence Center published an article titled “Operation Dragon Breath (APT-Q-27): A Dimensionality Reduction Attack on the Gambling Industry”, disclosing the attack activities of GoldenEyeDog (Qi’anxin internal tracking number APT-Q-27) against the gambling industry, and at the end of the article introduced the Miuuti Group —— an attack group targeting ...
- Amazon Confirms Employee Data Was Exposed Through MOVEit Breach
November 12, 2024
In a significant development that underscores the lasting impact of 2023’s MOVEit vulnerability, Amazon has confirmed that employee data was compromised through a third-party property management vendor. The breach, revealed by a threat actor known as “Nam3L3ss,” exposes the continuing ripple effects of one of last year’s most devastating supply chain attacks. The compromise stems from ...
- AT&T, Ticketmaster data breach hackers charged with stealing 50 billion records
November 12, 2024
The U.S. has indicted two individuals, Connor Moucka and John Binns, according to new documents, for hacking third-party cloud data storage and analytics company Snowflake. The Snowflake hack led to data breaches at numerous companies using the platform such as AT&T, Ticketmaster, and more than 150 other corporations. Read more… Source: MSN News Sign up for our Newsletter Related:
- New Google Chrome Warning As ‘No 0-Day’ Drive-By Cyber Attack Confirmed
November 12, 2024
The cost of zero-day exploits has always been high, especially if they allow an attacker to remotely execute code on a host machine. But why pay hundreds of thousands of dollars for an 0-day when a relatively simple drive-by attack doesn’t need one and can achieve much the same result? That’s what interested an Imperva security ...