From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Releases IOCs Associated with Malicious Barracuda Activity
August 29, 2023
CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances. Read more… Source: U.S. Cybersecurity and Infrastructure ...
- Deconstructing ransomware, cybercriminals and their modus operandi
August 29, 2023
The problem of ransomware is a seemingly age-old problem that is not going away, at least not any time soon. Governments and law enforcement are banding together to try to battle this issue with financial sanctions and takedowns of the groups behind ransomware attacks but they’re like the mythical beast Hydra – take the head ...
- Leaseweb trying to restore service following cyberattack
August 28, 2023
Cloud provider Leaseweb was forced to take some of its critical systems down to mitigate the effects of an ongoing cyberattack. One of the world’s largest cloud and hosting providers, Leasweb contacted its customers to alert them it spotted “unusual” activity in some parts of its infrastructure. To minimize the potential damages and oust the unauthorized ...
- Personal Data Leaked After Cyber Attack on Maryland Schools
August 28, 2023
Prince George’s County, Md., Public Schools officials said some of the personal data stolen in a recent cyber attack has leaked online. The Washington, D.C., area school system is one of the 20 largest school districts in the U.S., with 201 schools and centers. The school system discovered an attack on its network on Aug. 14, ...
- Poland investigates cyber-attack on rail network
August 26, 2023
Polish intelligence services are investigating a hacking attack on the country’s railways, Polish media say. Hackers broke into railway frequencies to disrupt traffic in the north-west of the country overnight, the Polish Press Agency (PAP) reported on Saturday. The signals were interspersed with recording of Russia’s national anthem and a speech by President Vladimir Putin, the ...
- UK: Metropolitan Police on red alert after details of officers and staff hacked in massive security breach
August 26, 2023
The Metropolitan Police were on red alert tonight after details of officers and staff were hacked in a massive security breach. All 47,000 personnel were warned of the risk their photos, names and ranks had been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. Information taken also ...