From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Beyond the Surface: the evolution and expansion of the SideWinder APT group
October 15, 2024
SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been military and government entities in Pakistan, ...
- Sri Lanka arrests over 230 Chinese in cybercrime raids
October 15, 2024
Sri Lankan police have arrested more than 230 Chinese men accused of targeting international banks in online scams, the foreign minister said on Tuesday (Oct 15), with help from security officials sent by Beijing. Vijitha Herath said police raids over the past week had also seized 250 computers and 500 mobile phones used in the alleged ...
- Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
October 15, 2024
In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document. However, the email ...
- Whispers from the Dark Web Cave. Cyberthreats in the Middle East
October 14, 2024
The Kaspersky Digital Footprint Intelligence team analyzed cybersecurity threats coming from dark web cybercriminals who targeted businesses and governments in the Middle East in H1 2024. Our research highlights the most severe and pervasive threats, and identifies potential risks and consequences as well as defensive strategies. The five prevalent cybersecurity threats in the Middle East covered ...
- Cyber Attack Hits French Leading News Agency AFP
October 14, 2024
French news agency Agence France-Presse (AFP) suffered a cyber attack that disrupted its content delivery infrastructure and file transfer systems. It operates English, French, Arabic, Portuguese, and Spanish news channels and employs over 2,400 people in 150 countries. AFP said it was working to restore impacted systems and has engaged French cybersecurity agency ANSSI and law ...
- Chinese researchers break RSA encryption with a quantum computer
October 14, 2024
The research team, led by Wang Chao from Shanghai University, found that D-Wave’s quantum computers can optimize problem-solving in a way that makes it possible to attack encryption methods such as RSA. In a potentially alarming development for global cybersecurity, Chinese researchers have unveiled a method using D-Wave’s quantum annealing systems to crack classic encryption, potentially ...