From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- China drafts ‘quantum-proof’ protocol to defend against advanced cyber attacks
October 30, 2024
Scientists from China are aiming to create a communication protocol which can help protect traditional encryption methods from quantum computer attacks. Chinese scientists recently presented a draft document at an internal event held in Sweden which showed their attempts at making a ‘quantum-proof’ communication protocol. Once ready, the protocol will help agencies and governments across the ...
- The Importance of Asset Context in Attack Surface Management.
October 30, 2024
This is the last of the four blogs (Help, I can’t see! A Primer for Attack Surface Management Blog Series, The Main Components of an Attack Surface Management (ASM) Strategy, and Understanding your Attack Surface: Different Approaches to Asset Discovery) covering the foundational elements of Attack Surface Management (ASM), and this topic covers one of ...
- Scammers Exploit 2024 US General Election to Perpetrate Multiple Fraud Schemes
October 29, 2024
The FBI is warning the public about scammers exploiting the 2024 US General election to perpetrate multiple types of financial fraud schemes. These scams target victims across the United States and have previously exploited state and local elections for similar scams. Scammers use the names, images, logos, and slogans of candidates to fraudulently solicit campaign contributions, ...
- Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
October 29, 2024
Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight Blizzard ...
- France: Free ISP announces data breach, millions of users possibly affected
October 29, 2024
One of the biggest internet service providers (ISP) in France has confirmed suffering a cyberattack that saw it lose sensitive customer data. A threat actor alias “drusselx” opened a new thread on the infamous Breach forums, advertising a major database for sale, claiming it contains data on 19.2 million Free customers, and holds more than 5.11 ...
- Hackers breach sensitive government and police data in Italy
October 28, 2024
Prosecutors in Milan have uncovered a network of hackers and former law enforcement officials accused of using malware and insider contacts to break into several government databases, including the Interior Ministry. The group allegedly accessed over 800,000 confidential records, even targeting accounts linked to the president’s office. Prosecutors said on Saturday that the operation was allegedly ...