From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
February 3, 2023
Trend Micro researchers analyzed an ongoing campaign that has been targeting Android users in Southeast Asia since July 2022. Its goal is to steal victims’ assets from finance and banking applications (such as cryptocurrency wallets, credentials for official bank apps on mobile, and money in deposit), via a banking trojan they named TgToxic (detected by Trend ...
- Tallahassee Memorial hospital victim of suspected ransomware attack
February 3, 2023
Tallahassee Memorial HealthCare is postponing all non-emergency patient procedures as officials manage an Information Technology security issue that occurred late Thursday night, according to a memo from the hospital. The IT security breach is a suspected ransomware attack, according to sources with knowledge of the situation. Read more… Source: Florida Politics
- GoAnywhere MFT zero-day vulnerability lets hackers breach servers
February 3, 2023
The developers of the GoAnywhere MFT file transfer solution are warning customers of zero-day remote code execution vulnerability on exposed administrator consoles. GoAnywhere is a secure web file transfer solution that allows companies to securely transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files. Read more… Source: Bleeping Computer
- New APT34 Malware Targets The Middle East
February 2, 2023
On December 2022, Trend Micro researchers identified a suspicious executable (detected by Trend Micro as Trojan.MSIL.REDCAP.AD) that was dropped and executed on multiple machines. The investigation led them to link this attack to advanced persistent threat (APT) group APT34, and the main goal is to steal users’ credentials. Even in case of a password reset ...
- CISA Releases Six Industrial Control Systems Advisories
February 2, 2023
CISA released six Industrial Control Systems (ICS) advisories on February 2, 2023.These advisories provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-033-01 Delta Electronics DIAScreen ICSA-23-033-02 Mitsubishi Electric GOT2000 Series and GT SoftGOT2000 ICSA-23-033-03 Baicells Nova Read more… Source: U.S. ...
- North Korean hackers stole research data in two-month-long breach
February 2, 2023
A new cyber espionage campaign dubbed ‘No Pineapple!’ has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction. The campaign lasted between August and November 2022, targeting organizations in medical research, healthcare, chemical engineering, energy, defense, and a leading ...