Mandiant and Google Threat Intelligence Group have identified an ongoing campaign by UNC3753 (also known as Luna Moth or Silent Ransom Group) targeting US-based law and professional services firms. The group employs advanced vishing and social engineering, often impersonating IT helpdesk staff to trick employees into sharing screens or installing remote monitoring and management (RMM) tools like AnyDesk and Zoho Assist to facilitate data theft.
Beyond digital vectors, the threat actor has recently escalated its tactics to include physical office intrusions, where individuals posing as technicians attempt to exfiltrate data directly via USB media. Once data is stolen, UNC3753 demands ransom within a three-day window, threatening to leak sensitive legal and financial records on the "LEAKEDDATA" site if its demands are not met. The campaign highlights a significant shift toward human-centric social engineering and the exploitation of physical security vulnerabilities.