From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Google patches an actively exploited Chrome zero-day
February 4, 2021
Google has released today version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. Today’s release contains only one bugfix for a zero-day vulnerability that was exploited in the wild. The zero-day, which was assigned the identifier of CVE-2021-21148, was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine. Google said the ...
- Understanding Cloud Misconfigurations – With Pizza and Lego
February 3, 2021
Now, more than ever, the cloud is a relevant topic. Pandemic or not, businesses, schools, and other organizations have moved online and, consequently, many IT departments have had to deal with a move to the cloud. And even if this change had been on the roadmap of affected organizations, such a fast adoption of cloud ...
- Recent root-giving Sudo bug also impacts macOS
February 3, 2021
A British security researcher has discovered today that a recent security flaw in the Sudo app also impacts the macOS operating system, and not just Linux and BSD, as initially believed. The vulnerability, disclosed last week as CVE-2021-3156 (aka Baron Samedit) by security researchers from Qualys, impacts Sudo, an app that allows admins to delegate limited ...
- The State Of Ransomware, 2020’s Catch-22
February 3, 2021
A ransomware infection can put organizations in difficult situations. The damage that WannaCry and Petya have caused has made people more wary, leading to stricter and more consistent security measures against a constant threat. Developments in ransomware over the past year have made dealing with ransomware not only difficult but also a delicate matter. Aside ...
- Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise
February 2, 2021
Two web skimmers have been discovered on the payment webpages of Costway, one of the top retailers in North America and Europe, which sells appliances, furniture and more. The skimmers are targeting consumers’ credit-card payment details. In a twist, researchers say one of these web skimmers is piggybacking on top of the other, to take over ...
- US federal payroll agency hacked using SolarWinds software flaw
February 2, 2021
The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973. The software vulnerability used to ...