From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New Zealand Reserve Bank breached using bug patched on Xmas Eve
January 12, 2021
A recent data breach at the Reserve Bank of New Zealand, known as Te Pūtea Matua, was caused by attackers exploiting a critical vulnerability patched the same day. Over the weekend, the Reserve Bank disclosed that they suffered a data breach after an attacker hacked a third-party file sharing service containing sensitive data. In a new advisory ...
- Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack
January 12, 2021
A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services has been “compromised by a sophisticated threat actor,” the company has announced. Mimecast provides email security services that customers can apply to their Microsoft 365 accounts by establishing a connection to Mimecast’s servers. The certificate in question is used ...
- New Sunspot malware found while investigating SolarWinds hack
January 12, 2021
Cybersecurity firm CrowdStrike has discovered the malware used by the SolarWinds hackers to inject backdoors in Orion platform builds during the supply-chain attack that led to the compromise of several companies and government agencies. Sunspot, as it was dubbed by CrowdStrike, was dropped by the attackers in the development environment of SolarWinds’ Orion IT management software. After ...
- Capitol attack’s cybersecurity fallout: Stolen laptops, lost data and possible espionage
January 11, 2021
When hostile actors penetrated the Capitol Building on January 6, they gained access to individual chambers and offices and remained at large within the Capitol complex for well over two hours. We have reports that items were stolen. One report comes from acting US Attorney for DC, Michael Sherwin, who stated “items, electronic items were stolen ...
- Malicious Shell Script Steals AWS, Docker Credentials
January 8, 2021
We recently spotted new attacks where, again, threat actors used shell scripts to perform their malicious activities. Based on previous attacks, these malicious scripts were typically used to deploy cryptocurrency miners. But recent cases involving these fresh samples highlighted how the scripts are developed, as they now serve other purposes besides being downloaders for cryptominers. Based ...
- Investigation launched into vulnerabilities found within US Judiciary case file system
January 8, 2021
The United States Judiciary has announced an audit into its systems, following concerns its case file system has been compromised. In making the announcement, the Judiciary said the Administrative Office of the US Courts was working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files ...