From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Is Cybersecurity The Achilles’ Heel Of The Electric Vehicle Revolution?
March 12, 2024
The electric vehicle (EV) sector, though nascent and in its formative years, faces numerous challenges. Recent concerns, such as “range anxiety” (a vehicle battery’s charge and ability to complete a planned journey) among consumers and incidents of vehicles losing power in cold temperatures, have contributed to a slowdown in adoption. While the trajectory of electric vehicle ...
- Acer Philippines reports data breach in third-party vendor system
March 12, 2024
Acer Philippines confirmed through an official statement that a security breach occurred within a third-party vendor’s system. The vendor was responsible for managing Acer Philippines’ employee attendance data, and the breach resulted in the unauthorized access of this information. The company emphasized that this incident does not involve Acer Philippines customer databases. Customer data remains secure, ...
- Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption
March 12, 2024
Ransomware activity remains on an upward trend despite the number of attacks claimed by ransomware actors decreasing by slightly more than 20% in the fourth quarter of 2023. Attackers have continually refined their tactics and proven quick to respond to disruption, finding new ways to infect victims. Analysis of data from ransomware leak sites shows that ...
- Mysterious Werewolf hits defense industry with new RingSpy backdoor
March 12, 2024
The criminal group gains initial access through phishing emails with a compressed executable that unleashes RingSpy, an original remote access backdoor The BI.ZONE Threat Intelligence team has detected a new campaign by Mysterious Werewolf, a cluster that has been active since at least 2023. This time, the adversaries are targeting defense enterprises. To achieve their goals, ...
- VCURMS: A Simple and Functional Weapon
March 12, 2024
Recently, FortiGuard Labs uncovered a phishing campaign that entices users to download a malicious Java downloader with the intention of spreading new VCURMS and STRRAT remote access trojans (RAT). The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware. The attacker attempts ...
- French state services hit by cyberattacks of ‘unprecedented intensity’
March 11, 2024
The latest cyberattack to hit France follows a warning from Attal’s defence adviser just last week that the Olympics games in July and European Parliament elections in June could be “significant targets”. Prime Minister Gabriel Attal’s office said several state bodies were targeted but did not provide details. “Many ministerial services were targeted” from Sunday “using ...