From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cyber attack on International Criminal Court in The Hague; Hackers stole sensitive docs
September 20, 2023
The International Criminal Court (ICC) in The Hague fell victim to a cyber attack last week, the court confirmed in a statement after reporting by NOS. A source told the broadcaster that the hackers gained access to a large number of sensitive documents, but an ICC spokesperson would not confirm that. The spokesperson told NOS that ...
- New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
September 19, 2023
Cisco Talos recently discovered a new malware family we’re calling “HTTPSnoop” being deployed against telecommunications providers in the Middle East. HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content on the ...
- CISA Releases Four Industrial Control Systems Advisories
September 19, 2023
CISA released four Industrial Control Systems (ICS) advisories on September 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-262-01 Siemens SIMATIC PCS neo Administration Console ICSA-23-262-03 Omron Engineering Software Zip-Slip Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: CISA Adds One Known Exploited Vulnerability to Catalog
- Ransomware Attacks on Gaming Industry – A CISO Perspective
September 19, 2023
The gaming industry is experiencing a surge in cyber attacks because of its vast reservoirs of sensitive customer information, financial transactions, and interconnected operations. Zscaler’s ThreatLabz threat research team reported earlier this year that ransomware attacks had grown 37% overall year-over-year, with the average cost of an attack reaching a whopping $5.3M. The Department of Homeland ...
- Ransomware site claims to have stolen Auckland Transport data
September 19, 2023
A dark web ransomware site is claiming to have data stolen from Auckland Transport, a cyber threat analyst says. The transport agency was the victim of a cyber attack last week, which brought down the city’s ticket payment system. AT said no customer data has been compromised in the attack. A dark web ransomware site is ...
- Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says
September 19, 2023
Hackers who breached casino giants MGM Resorts International and Caesars Entertainment in recent weeks also broke into the systems of three other companies in the manufacturing, retail, and technology space, a security executive familiar with the matter said. David Bradbury, chief security officer of the identity management company Okta, said five of the company’s clients, including ...