From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East
October 21, 2020
The Iran-linked espionage group Seedworm (aka MuddyWater) has been highly active in recent months, attacking a wide range of targets, including a large number of government organizations in the Middle East. Many of the organizations attacked by Seedworm in recent months have also been targeted by a recently discovered tool called PowGoop (Downloader.Covic), suggesting that it ...
- Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
October 21, 2020
Google released an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering library that was actively being exploited in the wild. Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov ...
- Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
October 20, 2020
Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Adobe Illustrator was hit the hardest. There are 16 critical bugs, all of which allow arbitrary code execution in the context of the current user. They affect Adobe Illustrator, Adobe Animate, Adobe After ...
- Cisco warns of attacks targeting high severity router vulnerability
October 20, 2020
Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software. The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. Read more… Source: Bleeping Computer
- TrickBot malware under siege from all sides, and it’s working
October 20, 2020
The Trickbot malware operation is on the brink of completely shutting down following efforts from an alliance of cybersecurity and hosting providers targeting the botnet’s command and control servers. Initial disruption actions seemed to leave the botnet unphased as its operators were able to rebuild the infrastructure and the network of infected computers. Although the battle is ...
- Vizom malware uses remote overlay attacks to hijack your bank account
October 19, 2020
Researchers have uncovered a new form of malware using remote overlay attacks to strike Brazilian bank account holders. The new malware variant, dubbed Vizom by IBM, is being utilized in an active campaign across Brazil designed to compromise bank accounts via online financial services. On Tuesday, IBM security researchers Chen Nahman, Ofir Ozer, and Limor Kessem said ...