From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Wichita airport still without Wi-Fi months after cyber attack
August 19, 2024
It’s been more than three months since a cyber attack on Wichita took the city’s computer systems offline, and one city service is still not completely back to normal. Dwight D. Eisenhower National Airport was impacted by May’s attack. The airport’s Wi-Fi services went down, as well as its departure and arrival screens. While the screens ...
- UK to conduct review on tackling ‘extremist ideologies’, including misogyny
August 18, 2024
UK Home Secretary Yvette Cooper has ordered a review of the United Kingdom’s counterterrorism strategy on how to best tackle threats by “extremist ideologies” including misogyny. Other ideological trends to be investigated by the Home Office include “Islamism” and far-right “extremism”. Cooper said the strategy will “map and monitor extremist trends” and gauge how to direct ...
- How the ransomware attack at Change Healthcare went down: A timeline
August 17, 2024
A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history. Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was ...
- Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove
August 16, 2024
In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations. In this article CPR describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer. Check Point investigation revealed critical missteps by the developer of Styx Stealer, including a significant operational security (OpSec) ...
- ‘Keyboard warrior’ jailed for part in UK disorder
August 16, 2024
A man who posted material on social media to stir up racial hatred during recent unrest across the UK has been jailed for three years. Wayne O’Rourke, who had more than 90,000 followers to his X account, posted misinformation about the killing of three young girls in Southport on 29 July and praised the burning of ...
- Rogue AI is the Future of Cyber Threats
August 15, 2024
Yoshua Bengio, regarded as one of the “godfathers” of artificial intelligence, has likened the now-ubiquitous technology to a bear. When we teach the bear to become smart enough to escape its cage, we no longer control it. All we can do after that is try to build a better cage. This should be our goal with ...