From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Agri-Food Sector Under Increasing Threat From Cyber Attacks
September 20, 2024
As the agri-food sector increasingly embraces automation with GPS, robotic systems, cloud-connected devices, and AI-driven tools to boost efficiency and crop yields, cyber risks have been rapidly escalating. With ransomware attacks as the primary threat, the food and agriculture sector ranks as the seventh most targeted industry in the United States, just behind sectors like manufacturing ...
- -=TWELVE=- is back
September 20, 2024
In the spring of 2024, posts with real people’s personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as Kaspersky researchers investigated a late June 2024 attack, they found that it employed techniques ...
- UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
September 19, 2024
UNC1860 is a persistent and opportunistic Iranian state-sponsored threat actor that is likely affiliated with Iran’s Ministry of Intelligence and Security (MOIS). A key feature of UNC1860 is its collection of specialized tooling and passive backdoors that Mandiant believes supports several objectives, including its role as a probable initial access provider and its ability to gain ...
- Identifying Rogue AI
September 19, 2024
For many – certainly given the share price of some leading proponents – the hype of AI is starting to fade. But that may be about to change with the dawn of agentic AI. It promises to get humanity far closer to the ideal of AI as an autonomous technology capable of goal-oriented problem solving. But ...
- Zooming in on CVE‑2024‑7965
September 19, 2024
On August 21, Google released an update for Chrome, fixing a total of 37 security flaws. Researchers across the globe paid their attention to the CVE‑2024‑7965 vulnerability described as an inappropriate implementation in the browser’s V8 engine. The vulnerability can lead to remote code execution (RCE) in the Chrome renderer and thus become a starting point ...
- Indonesia’s tax agency probes alleged personal data breach
September 19, 2024
Indonesia’s tax agency is investigating an alleged data breach that exposes the taxpayer identification numbers of millions of Indonesians, including President Joko “Jokowi” Widodo, his ministers and his two sons, an official said. A series of cyber-attacks have hit Indonesian companies and government agencies in the past few years, which experts attribute to the government’s lax ...