From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- How scammers employ IPFS for email phishing
March 27, 2023
The idea of creating Web 3.0 has been around since the end of 2000s. The new version of the world wide web should repair the weak points of Web 2.0., some of which are: featureless content, prevalence of proprietary solutions, and lack of safety in a centralized user data storage environment, where a massive leak ...
- Emotet malware distributed as fake W-9 tax forms from the IRS
March 26, 2023
A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. Emotet is a notorious malware infection distributed through phishing emails that in the past contained Microsoft Word and Excel documents with malicious macros that install the malware. Read more… Source: Bleeping Computer
- Business Email Compromise Tactics Used to Facilitate the Acquisition of Commodities and Defrauding Vendors
March 24, 2023
The FBI warns the public of criminal actors using Business Email Compromise (BEC) schemes to facilitate the acquisition of a wide range of commodities. BEC is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional. In many BEC scams, ...
- Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats
March 24, 2023
US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year’s cyber attacks against the local government. Over the course of the three-month deployment, Cyber National Mission Force (CNMF) troops worked with their Albanian counterparts to hunt for cyber threats and identify vulnerabilities on networks in the ...
- CISA Releases Six Industrial Control Systems Advisories
March 23, 2023
CISA released six Industrial Control Systems (ICS) advisories on March 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-082-01 RoboDK ICSA-23-082-02 CP-Plus KVMS Pro ICSA-23-082-03 SAUTER EY-modulo 5 Building Automation Stations Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Eight Industrial Control Systems Advisories
- Critical infrastructure gear is full of flaws, but hey, at least it’s certified
March 23, 2023
Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial of service, allow configuration manipulation, and achieve remote code execution, according to security researchers. And most of these operational technology (OT) products – which include industrial control systems and related devices – claim security certifications, some of which they did not actually have. Read ...