From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- South Africa’s trade regulator ITAC hit by cyber attack
April 16, 2024
According to the organisation, the attack happened in January, leading to the exposure of the personal information of stakeholders. ITAC is an institution dedicated to promoting fair trade in South Africa in order to enhance economic growth and development. The site includes trade and tariff services as well as import and export control services. In a ...
- MGM files suit against FTC to block cyber attack investigation
April 16, 2024
MGM filed the suit yesterday (15 April) in Washington’s federal court against both the FTC and Lina M Khan as FTC chair. The suit refers to the large-scale cyber attack launched against MGM in September last year. MGM was forced to shut down certain systems across its US properties due to the attack. Access to MGM ...
- Best Practices for Deploying Secure and Resilient AI Systems
April 15, 2024
Deploying artificial intelligence (AI) systems securely requires careful setup and configuration that depends on the complexity of the AI system, the resources required (e.g., funding, technical expertise), and the infrastructure used (i.e., on premises, cloud, or hybrid). This report expands upon the ‘secure deployment’ and ‘secure operation and maintenance’ sections of the Guidelines for secure AI ...
- SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world
April 15, 2024
Researchers from the Positive Technologies Expert Security Center discovered more than three hundred attacks worldwide, which they confidently attributed to the well-known TA558 group. As originally described by researchers at ProofPoint, TA558 is a relatively small financially motivated cybercrime group that has attacked hospitality and tourism organizations mainly in Latin America, but has also been identified ...
- Change Healthcare faces another ransomware threat – and it looks credible
April 12, 2024
For months, Change Healthcare has faced an immensely messy ransomware debacle that has left hundreds of pharmacies and medical practices across the United States unable to process claims. Now, thanks to an apparent dispute within the ransomware criminal ecosystem, it may have just become far messier still. In March, the ransomware group AlphV, which had claimed ...
- “Highly capable” hackers root corporate networks by exploiting Palo Alto Networks firewall 0-day
April 12, 2024
Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday. The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication to execute malicious code with root privileges, the highest possible level ...