From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Belden networking giant’s company data stolen in cyberattack
November 25, 2020
Network device manufacturer Belden was hit with a cyberattack that allowed threat actors to steal files containing information about employees and business partners. Belden is a US-based manufacturer of network connectivity devices, including routers, firewalls, switches, cabling, and connectors. Belden generated $2.5 billion in revenue for 2019 and employs approximately 9,000 people. Read more… Source: Bleeping Computer
- Baltimore County Public Schools hit by ransomware attack
November 25, 2020
Baltimore County Public Schools has been hit today by a ransomware attack that led to a systemic shutdown of its network due to the number of systems impacted in the attack. The Baltimore County school district manages all public schools in Baltimore County, Maryland, and is the 25th largest U.S. school system. Read more… Source: Bleeping Computer
- Three arrested as INTERPOL, Group-IB and the Nigeria Police Force disrupt prolific cybercrime group
November 25, 2020
Three suspects have been arrested in Lagos following a joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation. The Nigerian nationals are believed to be members of a wider organized crime group responsible for distributing malware, carrying out phishing campaigns and extensive Business Email Compromise scams. The suspects are alleged to have developed phishing links, domains, ...
- Navigating Gray Clouds – The Importance of Visibility in Cloud Security
November 23, 2020
The cloud is the digital world’s ground zero for transformation, innovation, and agility. Its vastness and power enable enterprises and organizations to keep up with high-resource demands and allow them to access mission-critical data anytime, anywhere. With 85% of businesses worldwide using the cloud to store large amounts of information, it has proven its imperative value, ...
- Botnets have been silently mass-scanning the internet for unsecured ENV files
November 21, 2020
Drawing little attention to themselves, multiple threat actors have spent the past two-three years mass-scanning the internet for ENV files that have been accidentally uploaded and left exposed on web servers. ENV files, or environment files, are a type of configuration files that are usually used by development tools. Frameworks like Docker, Node.js, Symfony, and Django use ...
- New Grelos Skimmer Variants Siphon Credit Card Data
November 20, 2020
Just as seasonal online shopping kicks into high gear, new variants of the point-of-sale Grelos skimmer malware have been identified. Variants are targeting the payment-card data of online retail shoppers on dozens of compromised websites, researchers warn. The Grelos skimmer malware has been around since 2015, and its original version is associated with what are called ...