From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Over 70pc of Irish businesses suffered cyber attack in the past 12 months – report
October 17, 2023
Over 70pc of Irish businesses have suffered a cyber attack over the past year, a new report from insurer Hiscox has revealed. Around 71pc of the 200 Irish businesses surveyed experienced a cyber attack in the past 12 months, up 22pc from the same period last year. Ireland also had the highest median average number ...
- Kaspersky uncovers APT campaign targeting APAC government entities
October 17, 2023
Kaspersky researchers have discovered a persistent campaign compromising a specific type of secure USB drive used to provide encryption for safe data storage. Dubbed “TetrisPhantom,” this espionage effort targets government entities in the Asia-Pacific region (APAC), and shows no discernible overlap with any known threat actor. These and other findings are detailed in Kaspersky’s new ...
- Urgent global response needed for “insidious” cybercrime – Interpol
October 16, 2023
SINGAPORE – New types of cybercrime are emerging all the time. Manipulative and well-organized cybercriminals are exploiting digital technologies to tailor their attacks and target weaknesses in online systems, networks and infrastructures. The complex and borderless nature of cybercrime is compounded by the involvement of transnational organized crime groups, underlining the need to mount an ...
- Thailand: House of Representatives’ Website Hacked, Cyber Attack Investigation Underway
October 16, 2023
The House of Representatives’ website fell victim to a cyber attack on Sunday, October 15, 2023. The hackers, who go by the name 3MUSKETEERZ, managed to breach the website’s security and display a picture of a troll in the photo journal section. Additionally, the perpetrators altered the press releases and committee schedules featured on the site. ...
- Understanding DNS Tunneling Traffic in the Wild
October 13, 2023
Palo Alto Unit 42 researchers present a study on why and how domain name system (DNS) tunneling techniques are used in the wild. Motivated by their findings, they present a system to automatically attribute tunneling domains to tools and campaigns. Attackers adopt DNS tunneling techniques to bypass security policies in enterprise networks because most enterprises ...
- curl SOCKS5 heap overflow vulnerability
October 13, 2023
Client URL, or curl, and its library version libcurl are one of the most popular and integrated command line tools for data transfer. They support a wide range of protocols such as HTTP, HTTPS, SMTP and FTP and enable the user to make requests to a URL while handling all standard components of requests such ...