Threat actor UNC3753, also known as Luna Moth or Silent Ransom Group, is conducting an aggressive vishing and social engineering campaign targeting US law firms and professional services. By impersonating IT helpdesk personnel, the group tricks employees into joining screen-sharing sessions and installing remote monitoring and management (RMM) tools. Once access is gained, the attackers rapidly identify and exfiltrate sensitive legal agreements, PII, and financial records for extortion purposes.
This campaign is notable for its speed, with the full attack lifecycle often occurring within a single business day. In some instances, the threat group has even escalated to physical office intrusions, sending individuals to corporate locations to exfiltrate data directly via USB media. Following the theft, the actors issue high-pressure extortion demands, threatening to leak the stolen data on the 'LEAKEDDATA' site and contact the victim's clients if ransoms are not paid promptly.
Top comments (0)