From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ghana Cyber Security Authority Records 187 Cases of WhatsApp Account Takeovers, Warns of Rising Trend
May 27, 2024
The Cyber Security Authority (CSA) says a growing number of Ghanaians are falling victim to social engineering and sharing WhatsApp verification codes with malicious actors. This has led to about 187 cases recorded since 2023, it said in a statement. “Malicious actors disguise themselves as familiar contacts or as authoritative figures (typically as administrators of Groups ...
- Massive cyber attack against Eritrea’s Internet System
May 26, 2024
A massive cyber attack was unleashed against Eritrea’s Internet System on Independence Day, Friday, 24 May 2024, at 12:32’:47 in the afternoon hours. The attempt was foiled by the defensive countermeasures deployed promptly, and the network continued its functions without interruptions. The identity of the originators, architects, and implementers of the attempted cyber attack is not ...
- Hellhounds: Operation Lahat. Part 2
May 23, 2024
In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat. The report focused on the group’s attacks on Linux hosts that relied on a new backdoor known as Decoy Dog. Hellhounds carried on attacks ...
- Crooks plant backdoor in software used by courtrooms around the world
May 23, 2024
A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application ...
- LockBit demands $25 million from Canadian pharmacy chain London Drugs after ransomware attack
May 23, 2024
The recent cyber-incident against Canadian pharmacy chain London Drugs was indeed a full-blown ransomware attack, with sensitive data being stolen, and a major ransom being demanded, the company has confirmed. In a statement given to The Register, the company said it had been hit, but stressed it also had no intention of paying the ransom demand. ...
- ShrinkLocker: Turning BitLocker into ransomware
May 23, 2024
The original purpose of BitLocker is to address the risks of data theft or exposure from lost, stolen, or improperly decommissioned devices. Nonetheless, threat actors have found out that this mechanism can be repurposed for malicious ends to great effect. In that incident, the attackers were able to deploy and run an advanced VBS script that ...