From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Lazada confirms 1.1M accounts compromised in RedMart security breach
October 30, 2020
Singapore-based online grocery platform RedMart has suffered a data breach that compromised personal data of 1.1 million accounts. An individual has claimed to be in possession of the database involved in the breach, which contains various personal information such as mailing addresses, encrypted passwords, and partial credit card numbers. RedMart customers on Friday were logged out ...
- SMS Phishing Attempts Are Riding the Presidential Election Wave
October 30, 2020
SMS-based outreach has become a standard in the political playbook, with candidates and their supporters soliciting financial support, opinions, and votes through texting with increasing frequency and sophistication. In the course of protecting enterprise endpoints, Symantec, a division of Broadcom, has turned up evidence of an increasingly prevalent scam tactic in the run-up to the ...
- CISA, FBI, and CNMF Identify a New Malware Variant: ComRAT
October 29, 2020
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense Cyber National Mission Force (CNMF) have identified a malware variant—referred to as ComRAT—used by the Russian-sponsored advanced persistent threat (APT) actor Turla. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and ...
- Oracle WebLogic Server RCE Flaw Under Active Attack
October 29, 2020
If an organization hasn’t updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: “Assume it has been compromised.” Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The console component of the WebLogic Server has a flaw, CVE-2020-14882, ...
- REvil ransomware gang claims over $100 million profit in a year
October 29, 2020
REvil ransomware developers say that they made more than $100 million in one year by extorting large businesses across the world from various sectors. They are driven by profit and want to make $2 billion from their ransomware service, adopting the most lucrative trends in their pursuit of wealth. Read more… Source: Bleeping Computer
- Hacker releases Georgia county’s election-related files
October 29, 2020
Hackers on Tuesday released a sample of stolen election-related documents from networks in Hall County, Ga., as part of their efforts to pressure county officials into paying a ransom for control of the files. The Wall Street Journal reported that the batch of files, which were largely administrative and nonsensitive in nature, came as part of ...