From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Spider-Man developer Insomniac Games suffers ransomware attack
December 12, 2023
Insomniac Games, the studio behind titles including Spyro, Ratchet & Clank and Marvel’s Spider-Man, has been breached by the Rhysidia ransomware group. Rhysidia shared screenshots of the stolen on its TOR site, including imagery from Insomniac’s upcoming game, Marvel’s Wolverine. Personal data like passport scans of current and former employees also appears to be included, as ...
- Russian diplomat accuses West of patronizing Ukrainian IT army that commits cybercrime
December 12, 2023
The US-led West supervises Ukraine’s so-called IT army that may be responsible for cybercrime, Russia’s representative Irina Tyazhlova said on Monday. Addressing a meeting of the UN Open-ended Working Group (OEWG) on security of and in the use of information and telecommunication technologies (ICTs), she said: “Other numerous malicious activities with the use of ICTs were ...
- US healthcare giant Norton says hackers stole millions of patients’ data during ransomware attack
December 11, 2023
Kentucky-based nonprofit healthcare system Norton Healthcare has confirmed that hackers accessed the personal data of millions of patients and employees during an earlier ransomware attack. Norton operates more than 40 clinics and hospitals in and around Louisville, Kentucky, and is the city’s third-largest private employer. The organization has more than 20,000 employees, and more than 3,000 ...
- PSNI data breach ‘wake-up call’ for UK forces, review says
December 11, 2023
A major data breach within the Police Service of Northern Ireland (PSNI) has been described as “a wake-up call” for forces across the UK. A report into the data leak has made 37 recommendations for improving information security within the PSNI. In August, the surnames and initials of all the PSNI’s 9,500 staff were released by ...
- China: Foreign geographic information software collects sensitive data, posing threat to national security
December 11, 2023
China’s national security agencies have discovered that foreign geographic information system software used in important industries in China has been collecting and transmitting geographic information data with some of the information collected involving state secrets, posing a serious threat to national security, China’s Ministry of State Security said on Monday, noting that national security agencies will ...
- No confirmation on rumored ALPHV/BlackCat site takedown by law enforcement
December 11, 2023
As the week started there was still no official confirmation from law enforcement that the notorious ALPV/BlackCat site had been taken down. Late last week, various research groups and news organizations reported, and RedSense on Dec. 8 confirmed, that law enforcement took down the ransomware group’s site, but short of official confirmation from the FBI or ...