Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms


From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.

UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice-related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.

Source: Mandiant



