From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Australia: Russian man Aleksandr Ermakov has been sanctioned over the Medibank data breach
January 23, 2024
The Australian government has used Magnitsky-style sanctions for the first time to punish Russian man Aleksandr Ermakov over what it says is his role in the 2022 Medibank Private data breach. Foreign Minister Penny Wong, Home Affairs Minister Clare O’Neil and Deputy Prime Minister Richard Marles made the announcement on Tuesday morning. But what exactly are ...
- New macOS backdoor stealing cryptowallets
January 22, 2024
A month ago, Kaspersky researchers discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. The researchers recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking ...
- Lebanon: Ministry of Social Affairs’ website suffers cybersecurity breach
January 22, 2024
The Ministry of Social Affairs’ website has been subjected to a cyber-attack. Authorities are actively working to resolve the issue and ensure the restoration of normalcy to the site. Reportedly, the website does not contain any personal information. Read more… Source: Lebanese Broadcasting Corporation International
- LoanDepot outage drags into second week after ransomware attack
January 19, 2024
LoanDepot customers say they have been unable to make mortgage payments or access their online accounts following a suspected ransomware attack on the company last week. The mortgage and loan giant said on January 8 that it was working to “restore normal business operations as quickly as possible” following a security incident that involved the “encryption ...
- VF Corp’s cyber incident causes data breach of 35.5 million consumers
January 19, 2024
Vans sneaker maker VF Corp said on Thursday the cyber incident that hit the company in December led to a breach of personal data of about 35.5 million consumers, and added that it does not expect a material impact to its financials. The unauthorized activity, detected on Dec. 13, disrupted global customer orders on its e-commerce ...
- Carnegie Mellon University hit by cyberattack, informs 7,300 people possibly affected
January 19, 2024
Carnegie Mellon University informed about 7,300 people that their personal information may have been compromised in an August cyberattack that was quietly investigated by law enforcement and the university. The breach impacting one of the nation’s top schools for computing was acknowledged by the university as higher education in general faces a growing assault by digital ...