From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- VMware warns of critical bug affecting all vCenter Server installs
May 25, 2021
VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. “These updates fix a critical security vulnerability, and it needs to be considered at once,” said Bob Plankers, Technical Marketing Architect at VMware. Read more… Source: Bleeping Computer
- Iranian hacking group targets Israel with wiper disguised as ransomware
May 25, 2021
An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims’ networks for months in what looks like an extensive espionage campaign. The threat actor, tracked as Agrius by SentinelLabs researchers, has targeted Israel starting with December 2020. “Initially engaged in espionage activity, Agrius deployed a set ...
- TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack
May 25, 2021
Kubernetes is the most widely adopted container orchestration platform for automating the deployment, scaling, and management of containerized applications. Unfortunately, like any widely used application, it makes for an attractive target for threat actors as they are often misconfigured, especially those running primarily in cloud environments with access to nearly infinite resources. This article will ...
- Russian to be deported after foiled Tesla ransomware plot
May 24, 2021
A Russian man was sentenced Monday to what amounted to time already served in U.S. government custody and will be deported after pleading guilty to trying to pay a Tesla employee $500,000 to install computer malware at the company’s Nevada electric battery plant in a bid to steal company secrets for ransom. Egor Igorevich Kriuchkov, appearing ...
- North Korean hackers behind CryptoCore multi-million dollar heists
May 24, 2021
Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus. The group is believed to have stolen hundreds of millions of U.S. dollars by breaching cryptocurrency exchanges in the U.S., Israel, Europe, and Japan over ...
- Bluetooth flaws allow attackers to impersonate legitimate devices
May 24, 2021
Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks. The Bluetooth Core and Mesh Profile specifications define requirements needed by Bluetooth devices to communicate with each other and for Bluetooth devices using low energy wireless technology to enable interoperable ...