From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- LockBit hackers claim to have cracked the US Federal Reserve
June 25, 2024
The LockBit cybercrime gang has claimed to have stolen an enormous database from the US Federal Reserve, which includes sensitive banking information about American citizens – but the claim is being met with suspicion. Earlier this week, the infamous ransomware operator added the Fed on its data leak site, saying it had acquired an archive containing ...
- UK and US cops band together to tackle Qilin’s ransomware shakedowns
June 25, 2024
UK and US cops have reportedly joined forces to find and fight Qilin, the ransomware gang wreaking havoc on the global healthcare industry. In early June, the notorious Russia-based crew attacked Synnovis, which provides pathology services to National Health Service’s London hospitals. The digital intrusion has led to the cancellation or postponement of surgeries for thousands ...
- Indonesian government says national data center was hit in ransomware attack – but it won’t pay up
June 25, 2024
The government of Indonesia has suffered a ransomware attack that crippled many of its organizations and caused quite a nuisance for its citizens – but says it won’t be held to ransom. Government officials confirmed its National Data Center (PDN) was struck on June 20, with the attack apparently organized by an affiliate of LockBit, with ...
- Stopping Chinese cyberattacks is officially now the biggest priority for US security forces
June 25, 2024
The US Department of Homeland Security (DHS) has shuffled its priorities to place battling the “cyber and other threats posed by the People’s Republic of China” at the top of the list, at least until the end of 2025. China has been conducting numerous cyber attacks against US infrastructure, particularly focussing on internet-facing endpoints within water ...
- Chinese hackers have stepped up attacks on Taiwanese organizations
June 24, 2024
A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in sectors such as government, education, technology and diplomacy, according to cybersecurity intelligence company Recorded Future. RedJuliett has targeted Taiwanese organizations in the past, but this is the first time that activity was seen at such a scale, a Recorded ...
- Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers
June 24, 2024
Access to employees’ email accounts, and then pivoted to specifically target login information related to the processing of reimbursement payments to insurance companies, medicare, or similar entities. To gain initial access to victim networks, the threat actor acquired credentials through social engineering or phishing. In some observed instances, the threat actor called an organization’s IT Help ...