From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Defense Contractor Austal USA Confirms a Cyber Attack by Hunters International Ransomware Group
December 15, 2023
Australian-based American defense contractor Austal USA has confirmed a cyber attack after the Hunters International ransomware group listed the company and shared samples of the stolen data as proof. Austal USA is a Contractor for the US Department of Defense (DOD) and the Department of Homeland Security (DHS), undertaking major U.S. Navy shipbuilding programs. With five ...
- Snatch ransomware attack claims probed by Kraft Heinz
December 15, 2023
U.S. multinational food and beverage company Kraft Heinz has launched an investigation into the Snatch ransomware gang’s recently emerged claims of an August attack even though there has been no indication of any systems compromise. Despite admitting responsibility for the attack, the Snatch ransomware operation has not posted any proof of data that it exfiltrated from ...
- Critical RCE vulnerability discovered in Perforce Helix Core Server
December 15, 2023
Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Perforce Server”), a source code management platform largely used in the videogame industry and by multiple organizations spanning government, military, technology, retail, and more. Perforce Server customers are strongly urged to update to version ...
- Supply chain attack targeting Ledger crypto wallet leaves users hacked
December 14, 2023
Hackers compromised the code behind a crypto protocol used by multiple web3 applications and services, the software maker Ledger said on Thursday. Ledger, a company that makes a widely used and popular crypto hardware and software wallet, among other products, announced on X that someone had pushed out a “malicious version” of its Ledger Connect Kit, ...
- ALPHV ransomware gang returns, sorta
December 14, 2023
The ALPHV ransomware gang, arguably the second most dangerous “big game” ransomware operator, appears to be back in business after its infrastructure went down for five days. But all does not appear to be going well for group. ALPHV’s dark web leak site may be back but it is only showing a single victim with no ...
- Rhadamanthys v0.5.0 – A Deep Dive Into The Stealer’s Components
December 14, 2023
Rhadamanthys is an information stealer with a diverse set of modules and an interesting multilayered design. In their last article on Rhadamanthys, Check Point researchers focused on the custom executable formats used by this malware and their similarity to a different family, Hidden Bee, which is most likely its predecessor. In this article they do a ...