From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Maldives: Sun Siyam Resorts’ IT network hit with cyber attack
July 25, 2023
Sun Siyam Resorts IT network has been targeted by a hacking attack. The company’s management said its team was working diligently to resolve the issue promptly. The company asked for patience and support as it works to resolve the issue. Read more… Source: Sun Siyam News
- Norway government ministries hit by cyber attack
July 24, 2023
Norwegian authorities reported a cyber attack of unknown origin against 12 government ministries on Monday. “We have uncovered a previously unknown vulnerability in the software of one of our suppliers,” said Erik Hope, director of the Norwegian ministries’ security and service organisation, in a press statement. “This vulnerability has been exploited by an unknown actor. We ...
- Ivanti Patches Endpoint Manager Mobile CVE-2023-35078 Remote Unauthenticated API Access Vulnerability
July 24, 2023
A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make ...
- FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Message Queuing Service
July 24, 2023
Over the last few months, FortiGuard Labs has discovered and reported multiple vulnerabilities found in the Microsoft Message Queuing (MSMQ) service. Microsoft patched these vulnerabilities in the April and July 2023 security updates. These patches are rated as critical/important, and as always, we urge users to install them as soon as possible. Read more… Source: Fortinet Labs
- Spyhide stalkerware is spying on tens of thousands of phones
July 24, 2023
A phone surveillance app called Spyhide is stealthily collecting private phone data from tens of thousands of Android devices around the world, new data shows. Spyhide is a widely used stalkerware (or spouseware) app that is planted on a victim’s phone, often by someone with knowledge of their passcode. The app is designed to stay hidden ...
- North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack
July 24, 2023
In July 2023, Mandiant Consulting responded to a supply chain compromise affecting a US-based software solutions entity. Mandiant researchers believe the compromise ultimately began as a result of a sophisticated spear phishing campaign aimed at JumpCloud, a zero-trust directory platform service used for identity and access management. JumpCloud reported this unauthorized access impacted fewer than five ...