From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Exploit released for critical VMware vRealize RCE vulnerability
January 31, 2023
Horizon3 security researchers have released proof-of-concept (PoC) code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances. VMware patched four security vulnerabilities in its vRealize log analysis tool last week, two being critical and allowing remote attackers to execute code on compromised devices. Read more… Source: Bleeping Computer
- University of Michigan Health says cyber attack impacted public websites, not patient info
January 30, 2023
Michigan Health officials say its public websites experienced issues due to a cyber attack but claims the issue did not impact patient information. In a statement on Monday, officials say the attack affected a “third-party vendor we use to host some of our sites.” Read more… Source: CBS Detroit News
- Come to the dark side: hunting IT professionals on the dark web
January 30, 2023
The dark web is a collective name for a variety of websites and marketplaces that bring together individuals willing to engage in illicit or shady activities. Dark web forums contain ads for selling and buying stolen data, offers to code malware and hack websites, posts seeking like-minded individuals to participate in attacks on companies, and ...
- JD Sports hit by cyber-attack that leaked 10m customers’ data
January 30, 2023
The fashion retailer JD Sports said the personal and financial information of 10 million customers was potentially accessed by hackers in a cyber-attack. The company said incident, which affected some online orders made by customers between November 2018 and October 2020, targeted purchases of products of its JD, Size?, Millets, Blacks, Scotts and Millets Sport brands. Read ...
- Russian hackers DDoS Germany for aiding Ukraine
January 30, 2023
Russian hackers have proved yet again how quickly cyber attacks can be used to respond to global events with a series of DDoS attacks on German infrastructure and government websites in response to the country’s plan to send tanks to Ukraine. The efforts, according to Germany’s cyber security agency, the BSI, were largely in vain. “Currently, ...
- Infrastructure Companies Say Suppliers Pose a Growing Cyber Threat
January 27, 2023
Companies in critical infrastructure sectors say weak cyber defenses at suppliers are becoming a significant threat to their business, and that rules to boost security down the supply chain might be needed. While federal and industry rules for specific areas such as aviation, pipeline companies and other critical infrastructure operators are well-established, said Curley Henry, vice ...