From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- #StopRansomware – Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities
February 10, 2023
CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory (CSA), Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities, to provide information on ransomware activity used by North ...
- City of Oakland systems offline after ransomware attack
February 10, 2023
The City of Oakland was hit by a ransomware attack on Wednesday night that forced it to take all systems offline until the network is secured and affected services are brought back online. The attack has not affected core services, with the City saying that 911 dispatch and fire and emergency resources are all working as ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
February 10, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as ...
- Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
February 9, 2023
Trend Micro researchers recently found an active campaign that uses a fake employment pretext targeting Eastern Europeans in the cryptocurrency industry to install an information stealer. In this campaign, the suspected Russian threat actors use several highly obfuscated and under-development custom loaders to infect those involved in the cryptocurrency industry with the Enigma Stealer (detected ...
- Beyond the basics: Implementing an active defense
February 9, 2023
Having an active defense posture, where the defenders actively use threat intelligence and their own environment telemetry to uncover potential compromises, is the next stage in the cyber security maturity road. Instead of waiting for detections to trigger, defenders can take initiative and hunt down threat actors inside their environment, putting a halt to their ...
- Darknet Marketplace Revenue Plummets After Hydra Raid
February 9, 2023
Revenue at dark web illicit marketplaces plunged in 2022 following seizure by U.S. and German police last spring of what was then the world’s largest online bazaar for illegal goods and services. The April shutdown of the Russian-speaking Hydra Market sent the illicit world of Russian-language darknet markets into a tailspin that cut overall revenue for ...