More callback phishing attack campaigns have been launched by the Luna Moth threat operation, also known as Silent Ransom Group, against U.S. legal and financial organizations in a bid to engage in data extortion, reports BleepingComputer.
At least 37 domains have been registered by Luna Moth via GoDaddy in March, most of which spoofed the targeted organizations' IT helpdesk and support portals, according to an analysis from EclecticIQ. Intrusions involved attackers masquerading as IT staff to lure targets into installing remote monitoring and management software, which will enable total keyboard access and lateral movement to other devices, where they could enable data pilfering activities. Organizations impacted by the attacks are then threatened to have their data exposed on Luna Moth's clearweb domain should they refuse to pay the demanded ransom, which could range from $1 to $8 million, said EclecticIQ researcher Arda Büyükkaya. Averting such a threat requires the implementation of RMM tool restrictions.
At least 37 domains have been registered by Luna Moth via GoDaddy in March, most of which spoofed the targeted organizations' IT helpdesk and support portals, according to an analysis from EclecticIQ. Intrusions involved attackers masquerading as IT staff to lure targets into installing remote monitoring and management software, which will enable total keyboard access and lateral movement to other devices, where they could enable data pilfering activities. Organizations impacted by the attacks are then threatened to have their data exposed on Luna Moth's clearweb domain should they refuse to pay the demanded ransom, which could range from $1 to $8 million, said EclecticIQ researcher Arda Büyükkaya. Averting such a threat requires the implementation of RMM tool restrictions.
