From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- BlueNoroff introduces new methods bypassing MoTW
December 27, 2022
BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. Kaspersky researchers have published technical details of how this notorious group steals cryptocurrency before. Kaspersky continue to track the group’s activities and this October they observed the adoption of new malware strains in its arsenal. The group usually takes advantage ...
- Hackers stole data from multiple electric utilities in recent ransomware attack
December 27, 2022
Hackers stole data belonging to multiple electric utilities in an October ransomware attack on a US government contractor that handles critical infrastructure projects across the country, according to a memo describing the hack obtained by CNN. Federal officials have closely monitored the incident for any potential broader impact on the US power sector while private investigators ...
- AI cyber attacks are a ‘critical threat’. This is how NATO is countering them
December 26, 2022
Artificial intelligence (AI) is playing a massive role in cyber attacks and is proving both a “double-edged sword” and a “huge challenge,” according to NATO. “Artificial intelligence allows defenders to scan networks more automatically, and fend off attacks rather than doing it manually. But the other way around, of course, it’s the same game,” David van ...
- Louisiana: Lake Charles Memorial Health has possible cybersecurity incident
December 26, 2022
Some Lake Charles health care system patients may have had their information involved in a cybersecurity incident. The Lake Charles Memorial Health System on Friday mailed letters to some of its “patients whose information may have been involved in a recent cybersecurity incident,” according to a news release from the company. On Oct. 21, the system’s information ...
- IcedID Botnet Distributors Abuse Google PPC to Distribute Malware
December 23, 2022
After closely tracking the activities of the IcedID botnet, Trend Micro researchers have discovered some significant changes in its distribution methods. Since December 2022, Trend Micro observed the abuse of Google pay per click (PPC) ads to distribute IcedID via malvertising attacks. This IcedID variant is detected by Trend Micro as TrojanSpy.Win64.ICEDID.SMYXCLGZ. Advertising platforms like Google ...
- Patch now: Serious Linux kernel security hole uncovered
December 23, 2022
Just what every Linux system administrator wants just before the holidays: A serious Linux kernel security bug. The Zero Day Initiative (ZDI), a zero-day security research firm, announced a new Linux kernel security bug. This hole allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions. How bad is it? ...