From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Releases Analysis of FY22 Risk and Vulnerability Assessments
July 26, 2023
CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2022 (FY22). The analysis details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those CISA ...
- Wuhan Earthquake Monitoring Center suffers cyberattack from the US; investigation underway
July 26, 2023
The Wuhan Earthquake Monitoring Center has recently suffered a cyberattack launched by an overseas organization, the city’s emergency management bureau which the center is affiliated to said in a statement on Wednesday. This is another case of its kind following the June 2022 cyberattack from overseas against a Chinese university. The expert panel on the case ...
- Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis
July 25, 2023
In the ever-evolving landscape of cyber threats, banking trojans continue to pose a significant risk to organizations worldwide. Among them, Qakbot, also known as QBot or Pinkslipbot, stands out as a highly sophisticated and persistent malware active since 2007, targeting businesses across different countries. With a primary focus on stealing financial data and login credentials from ...
- Securing Digital Technologies of the Next Generation of Nuclear Reactors
July 25, 2023
All innovations bring potential benefits that could transform industries, but they also bring potential risks. In the nuclear field, advanced nuclear reactors, including small modular reactors (SMRs), are incorporating innovative technologies, particularly digital technologies that yield novel solutions. There is growing interest in SMRs. These advanced nuclear reactors have a limited power capacity — typically ...
- What might authentication attacks look like in a phishing-resistant future?
July 25, 2023
The industry has come a long way in terms of improving how we make user authentication more secure. From the most basic concept of relying on usernames and passwords for authentication to enabling multi-factor authentication (MFA) for additional security, we are now embracing a shift toward passwordless logins and/or passkeys that are designed with security ...
- Cryptojacking: Understanding and defending against cloud compute resource abuse
July 25, 2023
In cloud environments, cryptojacking – a type of cyberattack that uses computing power to mine cryptocurrency – takes the form of cloud compute resource abuse, which involves a threat actor compromising legitimate tenants. Cloud compute resource abuse could result in financial loss to targeted organizations due to the compute fees that can be incurred from the ...