From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- GoZone Ransomware Adopts Coercive Tactics to Extract Payment
November 4, 2024
This week, the SonicWall Capture Labs threat research team analyzed a ransomware that not only encrypts files but also accuses the victim of harboring explicit content on their computer and then threatens to turn it over to authorities if ransom is not paid. Extortion attacks often come as unsolicited emails, and GoZone has stooped to pretending ...
- New Trend in MSI File Abuse: New OceanLotus Group First to Use MST Files to Deliver Tromas
November 4, 2024
During recent daily operations, the QiAnXin Threat Intelligence Center discovered that the new OceanLotus group, which we have been continuously tracking since mid-2022, has begun to re-activate and is using a new tactic of MSI file misuse. Even though the MSI TRANSFORMS technique was theoretically disclosed in 2022, this is the first time that QiAnXin researchers have ...
- Stealc Malware Checks Everything – Even the Screen Resolution
November 4, 2024
This week, the SonicWall Capture Labs threat research team reviewed a sample of Stealc malware. This is an infostealer that digs through a victim’s system to extract credentials from browsers, cryptocurrency wallets and fileshare servers. Processes are monitored, as well as keystrokes, active windows and mouse clicks. It will also disable security applications and change network ...
- Telematics giant Microlise suffers cyber attack
November 1, 2024
Telematics giant Microlise suffers cyber attack By Gareth Roberts | 1 November 2024 Connected vehicles Microlise has suffered a cyber attack, with a large proportion of the company’s services affected, leaving fleets without some tracking services. The Microlise board says it has appointed external cyber security specialists whose investigations are underway to establish the nature and ...
- CVE-2024-9379: Ivanti Cloud Service Appliance Authenticated SQL Injection
November 1, 2024
The SonicWall Capture Labs threat research team became aware of an authenticated SQL injection vulnerability affecting Ivanti Cloud Service Appliances (CSA). Identified as CVE-2024-9379 and with a moderate score of 6.5 CVSSv3, the vulnerability is more severe than it initially appears due to reported exploitation attempts. Recently, in its October security update, Ivanti announced, “We are ...
- Phish ’n’ Ships Fakes Online Shops to Steal Money and Credit Card Information
October 31, 2024
HUMAN’s Satori Threat Intelligence and Research team recently uncovered and disrupted a sprawling fraud operation centered on fake web shops that abuse digital payment providers to steal consumers’ money and credit card information. The threat, dubbed Phish ’n’ Ships, is made up of hundreds of fake web shops offering in-demand items. The threat actors, whose internal ...