From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow
March 3, 2021
Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow (among others) inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects. Internal developer projects ...
- Ursnif Trojan has targeted over 100 Italian banks
March 3, 2021
The Ursnif Trojan has been traced back to attacks against at least 100 banks in Italy. According to Avast, the malware’s operators have a keen interest in Italian targets and attacks against these banking institutions have led to the loss of credentials and financial data. The cybersecurity firm said on Tuesday that at least 100 banks have ...
- CISA Alert (AA21-062A): Mitigate Microsoft Exchange Server Vulnerabilities
March 3, 2021
Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to ...
- Compromised Website Images Camouflage ObliqueRAT Malware
March 2, 2021
The ObliqueRAT malware is now cloaking its payloads as seemingly-innocent image files that are hidden on compromised websites. The remote access trojan (RAT), which has been operating since 2019, spreads via emails, which have malicious Microsoft Office documents attached. Previously, payloads were embedded into the documents themselves. Now, if users click on the attachment, they’re redirected ...
- Ryuk Ransomware: Now with Worming Self-Propagation
March 2, 2021
A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have found. The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares, and then ...
- Fast Flux 101: How Cybercriminals Improve the Resilience of Their Infrastructure to Evade Detection and Law Enforcement Takedowns
March 2, 2021
Fast flux is a technique used by cybercriminals to increase their infrastructure’s resilience by making law enforcement takedown of their servers and blocklisting of their IP addresses harder. It is critical for these cybercriminals to maintain their networks’ uptime to avoid losses to their revenue streams, including phishing and scam campaigns, botnet rental and illegal ...