From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
April 3, 2023
On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far: The infection is spread via 3CXDesktopApp MSI installers. An installer for macOS has also been trojanized. The ...
- Unpacking the Structure of Modern Cybercrime Organizations
April 3, 2023
Trend Micro reearchers examine three differently sized criminal groups to know how they compare to similarly sized legitimate businesses in terms of how they are organized. Trend Micro also discuss how threat researchers can use their knowledge of the size and structure of a target criminal organization to aid their investigation. The last 20 years have ...
- CISA Adds One Known Exploited Vulnerability to Catalog
April 3, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. CVE-2022-27926 Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Urgent warning issued to Irish Gmail and Chrome users as hackers access personal data
April 3, 2023
People are being urged to be aware of hackers attempting to gain access to personal emails through Google Chrome with a new type of malware. Scammers are using a fake Chrome browser extension known as AF in a bid to get data from Gmail inboxes, with cybersecurity experts warning that victims of this scam were tricked ...
- Ukrainian cops nab suspects accused of stealing $4.3m from victims across Europe
April 1, 2023
Ukrainian cops have arrested two suspects and detained 10 others for their alleged roles in a cybercrime gang that used phishing scams and phony online marketplaces to steal more than $4.3 million from over 1,000 victims across Europe. The fraudsters created more than 100 phishing sites to obtain victims’ bank card information and access their accounts, ...
- CVE-2023-23397 – Microsoft Outlook Privilege Escalation
March 31, 2023
On March 14, 2023, Microsoft released a patch for CVE-2023-23397. CVE-2023-23397 is a vulnerability in the Windows Microsoft Outlook client that can be exploited by sending a specially crafted email that triggers automatically when it is processed by the Outlook client. No user interaction is required to trigger the exploit. Exploitation of the vulnerability will leak ...