From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers obtain confidential information on Romanian officials after cyber attack at Parliament
January 31, 2024
Hackers breached the database of the Romanian Chamber of Deputies, the lower house of the Parliament, after a recent cyber attack. They reportedly managed to obtain confidential information, such as the prime minister’s identity documents, medical analyses, and other personal data. The hackers threatened to release the personal data of the deputies if they did not ...
- Series of cyber attacks risks sensitive data at New Jersey schools, hospitals
January 30, 2024
Class was canceled Monday across the Freehold Township school district, but not for the familiar January troubles of slushy roads, frozen pipes or a busted boiler. No, this was “a cybersecurity event” that ground school business to a halt. District officials disclosed little about what happened, assuring parents in an email they “retained outside IT expert consultants ...
- Sustainability Business Division of Schneider Electric Responds to Cybersecurity Incident
January 29, 2024
On January 17th, 2024, a ransomware incident affected Schneider Electric Sustainability Business division. The attack has impacted Resource Advisor and other division specific systems. Schneider Electric Global Incident Response team has been immediately mobilized to respond to the attack, contain the incident, and to reinforce existing security measures. Sustainability Business division has informed impacted customers. Read more… Source: ...
- Ukrainian activists launch devastating cyber attack on Russian Space Hydrometeorology Center
January 29, 2024
Ukraine’s Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, known as “planeta” (планета), and wiped 2 petabytes of data. Planeta is a state research center that uses space satellite data and ground sources such as radars and stations to provide information and accurate predictions about weather, climate, natural disasters, extreme ...
- Blackwood APT Group Has a New DLL Loader
January 29, 2024
This week, the SonicWall Capture Labs threat research team analyzed a sample tied to the Blackwood APT group. This is a DLL that, when loaded onto a victim’s computer, will escalate privileges and attempt to install a backdoor for communications monitoring and diversion. It has evasive capabilities and, as of this writing, is targeting companies and ...
- Hacked Microsoft test account was assigned admin privileges
January 27, 2024
The hackers who recently broke into Microsoft’s network and monitored top executives’ email for two months did so by gaining access to an aging test account with administrative privileges, a major gaffe on the company’s part, a researcher said. The new detail was provided in vaguely worded language included in a post Microsoft published on Thursday. ...