From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Yet another top US healthcare service provider has been hacked, with patient data exposed
July 4, 2024
Following the likes of ChangeHealthcare, Kaiser, Cencora, and several others during the past few months, another major US healthcare service has reported suffering a cyberattack that resulted in the theft of sensitive patient data. This latest victim is HealthEquity, which was on the receiving end of an apparent supply chain attack. In an 8-K form, filed ...
- Cyber extortion sees huge rise – and small businesses are four times more likely to be hit
July 4, 2024
Cyber extortion remains the most prominent threat facing businesses of all sizes across all industries, a new report from Orange Cyberdefense has found. The 2024 Cy-Explorer report worryingly uncovered that the number of victims of cyber extortion scams has grown by 77% year on year. In Q1 of 2024 alone, there were 1,046 organizations that were ...
- Mekotio Banking Trojan Threatens Financial Systems in Latin America
July 4, 2024
The Mekotio banking trojan is a sophisticated piece of malware that has been active since at least 2015, primarily targeting Latin American countries with the goal of stealing sensitive information — particularly banking credentials — from its targets. Originating in the Latin American region, it has been particularly prolific in Brazil, Chile, Mexico, Spain, and Peru. ...
- Twilio data breach gets a whole lot worse as it confirms hackers accessed Authy user phone numbers
July 4, 2024
The recent data breach affecting Twilio may have taken a rather unfortunate extra turn after new reports claim the hackers can single out Authy users from the archives. The infamous ShinyHunters hacking collective recently said it stole 33 million phone numbers from Twilio, and the company has now revealed that the attackers were able to determine ...
- The Hidden Danger of PDF Files with Embedded QR Codes
July 3, 2024
The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time. QR codes are increasingly popular due to their versatility and ease of use. Beyond payments and feedback, QR codes have a wide range of applications across various industries such ...
- Millions of iOS apps could have been hit by cyberattack due to a worrying flaw
July 3, 2024
A key tool used primarily in iOS and macOS app development was vulnerable in a way that opened up millions of Mac apps to supply chain attacks, experts have warned. Cybersecurity researchers EVA Information Security claim a dependency manager for Swift and Objective-C projects called CocoaPods, carried three vulnerabilities in a “trunk” server used to manage ...