Luna Moth, also known as the Silent Ransom Group, has intensified its callback phishing campaigns targeting legal and financial institutions in the U.S. These attacks primarily use social engineering tactics to gain access to sensitive data without deploying traditional ransomware.
Affected: U.S. legal and financial institutions
Key points:
- Luna Moth is responsible for callback phishing attacks targeting U.S. legal and financial institutions.
- The group's tactics include impersonating IT support and using fake helpdesk sites to deceive victims.
- Once remote monitoring and management (RMM) tools are installed by victims, attackers gain remote access to steal sensitive data.
- The attackers threaten to leak stolen data unless a ransom, ranging from million to million, is paid.
- No malware is used, as victims unknowingly install legitimate remote access tools thinking they are receiving support.
- EclecticIQ researchers reported that Luna Moth has created at least 37 domains to facilitate their phishing campaigns.
- Indicators of compromise (IoCs) are available to help organizations identify and block these threats.
- Restricting unauthorized RMM tool execution is recommended as a preventive measure.