From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- ConnectWise Releases Critical Security Update for ScreenConnect
February 20, 2024
ConnectWise has released a security update addressing two vulnerabilities in on-premise ScreenConnect deployments. The update addresses a critical authentication bypass vulnerability with a CVSSv3 score of 10 and a path traversal vulnerability with a CVSSv3 score of 8.4. A remote unauthenticated attacker could exploit these vulnerabilities to read arbitrary files, gain root access on the underlying ...
- Law enforcement disrupt world’s biggest ransomware operation
February 20, 2024
In a significant breakthrough in the fight against cybercrime, law enforcement from 10 countries have disrupted the criminal operation of the LockBit ransomware group at every level, severely damaging their capability and credibility. LockBit is widely recognised as the world’s most prolific and harmful ransomware, causing billions of euros worth of damage. This international sweep follows ...
- Cambridge faces cyber attack
February 19, 2024
The University faced a cyberattack yesterday (20/02), which is affected internet and services across multiple UK higher education institutions. Students at various colleges were notified of the attack, which affected access to IT services such as CamSIS and Moodle. An internal email revealed that the incident was a Distributed Denial of Service (DDoS) attack, described as ...
- UK: Council worker took tens of thousands of email addresses in massive data breach
February 19, 2024
A massive data breach by a worker at Stratford-on-Avon District Council saw tens of thousands of email addresses taken. The breach, which happened in November last year, was over a database of email addresses given by residents, the authority said. The probe found that around 79,000 email addresses from the garden waste collection database were affected. ...
- SolarWinds Releases Critical Security Updates for Access Rights Manager
February 19, 2024
SolarWinds has released security updates addressing five remote code execution (RCE) vulnerabilities in Access Rights Manager (ARM). Path traversal vulnerabilities, CVE-2024-23476 and CVE-2024-23479, are both rated as critical with a CVSSv3 score of 9.6. An unauthenticated attacker could exploit these vulnerabilities, which could lead to RCE. Read more… Source: NHS Digital
- ALPHV ransomware says it was behind attacks on loanDepot, Prudential Financial
February 19, 2024
The infamous ALPHV ransomware operator (also known as BlackCat) has added two companies to its data leak site – Prudential Financial, and loanDepot, in a seeming admission it was behind the attacks on both companies. So far, the group has only added the names to its site, with the actual data not yet available. Apparently, the ...