From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- French companies Under Attack from Clever BEC Scam
October 6, 2020
The highly anonymous and often secretive nature of the internet has led to the proliferation of scams aimed at separating people and organizations from their money. Trend Micro has been following these scams over the years and have seen many of them evolve from simplistic schemes to more sophisticated campaigns. One of the most dangerous ...
- Inside the Bulletproof Hosting Business – Cybercriminal Methods and OpSec
October 6, 2020
Many cybercriminal operations have some level of organization, planning, and some form of foundation that reflects the technical acumen of the individual or group behind them. The use of underground infrastructure is inherent to the modus operandi of a cybercriminal. In our Underground Hosting series, we have differentiated how cybercrime goods are sold in marketplaces ...
- MosaicRegressor: Lurking in the Shadows of UEFI
October 5, 2020
UEFI (or Unified Extensible Firmware Interface) has become a prominent technology that is embedded within designated chips on modern day computer systems. Replacing the legacy BIOS, it is typically used to facilitate the machine’s boot sequence and load the operating system, while using a feature-rich environment to do so. At the same time, it has ...
- New Jersey hospital paid ransomware gang $670K to prevent data leak
October 3, 2020
University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info. The attack on the hospital occurred in early September by a ransomware operation known as SunCrypt, who infiltrates a network, steals unencrypted files, and then encrypts all of ...
- XDSpy cyber-espionage group operated discretely for nine years
October 2, 2020
Researchers at ESET today published details about a threat actor that has been operating for at least nine years, yet their activity attracted almost no public attention. Going largely unnoticed for this long is a rare occurrence these days as malicious campaigns from long-standing adversaries overlap at one point or give sufficient clues for researchers to ...
- Ransomware: Gangs are shifting targets and upping their ransom demands
October 2, 2020
Ransomware attacks continue to grow, according to data from IBM, which also suggests that ransomware gangs are upping their ransomware demands and getting more sophisticated about how they calculate the ransom they try to extort. The number of ransomware attacks IBM’s Security X-Force Incident Response team were called in to deal with tripled in the second ...