From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang
September 17, 2021
Criminals behind the Ryuk ransomware were early exploiters of the Windows MSHTML flaw, actively leveraging the bug in campaigns ahead of a patch released by Microsoft this week. Collaborative research by Microsoft and RiskIQ revealed campaigns by Ryuk threat actors early on that exploited the flaw, tracked as CVE-2021-40444. The bug is a remote code execution ...
- Numando banking Trojan abuses YouTube to manage remote settings
September 17, 2021
A banking Trojan has been detected that abuses YouTube, Pastebin, and other public platforms in order to spread and control compromised machines. On Friday, ESET wrapped up a series on banking Trojans present in Latin America — including Janeleiro, a new malware sample similar to Casbaneiro, Grandoreiro, and Mekotio — but this one does not just ...
- Cyberattacks against the aviation industry linked to Nigerian threat actor
September 17, 2021
Researchers have unmasked a lengthy campaign against the aviation sector, beginning with the analysis of a Trojan by Microsoft. On May 11, Microsoft Security Intelligence published a Twitter thread outlining a campaign targeting the “aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT.” Read more… Source: ZDNet
- An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan
September 17, 2021
Earlier this year, researchers at Russian cybersecurity firm Kaspersky witnessed a cyberespionage campaign targeting Microsoft Windows PCs at government and telecom entities in China and Pakistan. They began in June 2020 and continued through to April 2021. What piqued the researchers’ interest was the hacking software used by the digital spies, whom Kaspersky had dubbed ...
- Exploitation of the CVE-2021-40444 vulnerability in MSHTML
September 16, 2021
Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In attempt to exploit this vulnerability, attackers create a document with a specially-crafted object. If a user opens the document, MS Office will ...
- Dangling Domains: Security Threats, Detection and Prevalence
September 16, 2021
The Domain Name System (DNS) provides the naming service which maps mnemonic domain names to various resources such as IP addresses, email servers and so on. As one of the most fundamental internet components, DNS and domain names usually serve as trusted anchors for users to access desired internet resources. As a result, threat actors ...