From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- News agency AFP notifies French authorities of potential data breach
October 2, 2024
Agence France-Presse (AFP), one of the world’s largest news organizations, has notified French regulators of a potential data breach following a cyberattack last week. The AFP, which has an editorial presence in 260 cities across 150 countries, said in a brief statement on Saturday that it detected an “attack on its systems” that affected part of ...
- Key Group: another ransomware group using leaked builders
October 1, 2024
Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group’s activity was released in 2023 by BI.ZONE, a cybersecurity solutions vendor: the attackers drew attention when they left an ...
- Global Cyber Attacks to Double from 2020 to 2024
October 1, 2024
On the first day of Cybersecurity Awareness Month in the U.S., research has revealed that the number of significant global cyber attacks in 2024 will be double that of 2020. A new report from insurer QBE, Connected Business: digital dependency fuelling risk, predicts that organisations will be hit by 211 disruptive and destructive cyber attacks this ...
- UK unmasks LockBit ransomware affiliate as high-ranking hacker in Russia state-backed cybercrime gang
October 1, 2024
The U.K.’s National Crime Agency has linked a long-standing affiliate of the LockBit ransomware group to the notorious Russia-backed Evil Corp, a cybercrime gang with links to the Russian government. The NCA said on Tuesday that it had unmasked the LockBit affiliate, known as “Beverley,” as Russian national Aleksandr Ryzhenkov, who British authorities believe to be ...
- Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks
September 30, 2024
Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that? Vulnerable drivers not only put the system where they are installed at risk, but they can ...
- Proactive Visibility Is Foundational to Strong Cybersecurity
September 30, 2024
Exposures are more than CVEs, so organizations need to move beyond the traditional thinking of vulnerability management to a holistic view. Part of that view must be greater visibility into devices, users, applications, and all the digital infrastructure connected to an organization’s environment. Gaps in that view create risk exposure. Organizations must proactively identify anything that ...