
Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns

by crpt os


The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors.

The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein the victims are socially engineered into making a phone call through phishing emails containing invoices and subscription-themed lures.

Palo Alto Networks Unit 42 said the attacks are the “product of a single highly organized campaign,” adding, “this threat actor has significantly invested in call centers and infrastructure that’s unique to each victim.”

The cybersecurity firm described the activity as a “pervasive multi-month campaign that is actively evolving.”

What’s notable about callback phishing is that the email messages are completely devoid of any malicious attachment or booby-trapped link, allowing them to evade detection and slip past email protection solutions.

These messages typically come with an invoice that includes a phone number that the users can call to cancel the supposed subscription. In reality, however, the victims are routed to an actor-controlled call center and connected to a live agent on the other end, who ends up installing a remote access tool for persistence.

“The attacker will then seek to identify valuable information on the victim’s computer and connected file shares, and they will quietly exfiltrate it to a server they control using a file transfer tool,” Unit 42 researcher Kristopher Russo said.

Call Back Phishing Campaigns

The campaign may be resource intensive, but is also technically less sophisticated and likely to have a much higher success rate than other phishing attacks.

On top of that, it enables extortion without encryption, permitting malicious actors to plunder sensitive data sans the need to deploy ransomware to lock the files after exfiltration.

The Luna Moth actor, also known as Silent Ransom, has become an expert of sorts when it comes to pulling off such schemes. According to AdvIntel, the cybercrime group is believed to be the mastermind behind the BazarCall attacks last year.

To give these attacks a veneer of legitimacy, the adversaries, instead of dropping malware like BazarLoader, take advantage of legitimate tools like Zoho Assist to remotely interact with a victim’s computer, abusing the access to deploy other trusted software such as Rclone or WinSCP for harvesting data.

Extortion demands range from two to 78 Bitcoin based on the organization targeted, with the threat actor creating unique cryptocurrency wallets for each payment. The adversary is also said to offer discounts of nearly 25% for prompt payment, although there’s no guarantee that the data is deleted.

“The threat actors behind this campaign have taken great pains to avoid all non-essential tools and malware, to minimize the potential for detection,” Russo said. “Since there are very few early indicators that a victim is under attack, employee cybersecurity awareness training is the first line of defense.”




