The FBI warns that Luna Moth, also known as Silent Ransom Group, has been targeting law firms with social engineering and callback phishing attacks since 2022. The group uses remote access tools to exfiltrate data and extort victims, with recent tactics involving impersonation of IT staff to gain access. #LunaMoth #SilentRansomGroup
Keypoints
- Luna Moth has been active since at least 2022, focusing on law firms and financial sectors.
- They use callback phishing and social engineering tactics to trick victims into granting remote access.
- The group employs legitimate remote access tools such as Zoho Assist, AnyDesk, and WinSCP for data exfiltration.
- Recent operations involve impersonating IT personnel and directing victims to join remote sessions.
- Defenders are advised to monitor for unusual external connections, such as WinSCP or Rclone activity, and suspicious communications.
Read More: https://thehackernews.com/2025/05/hackers-are-calling-your-office-fbi.html