Multi Channel Social Engineering Attacks
Researchers have uncovered a financially motivated data theft campaign targeting professional, legal, and financial services firms across the United States. The operation, active from January to May 2026, has been linked to a threat actor known as UNC3753, also tracked as Chatty Spider, Luna Moth, or Silent Ransom Group. Mandiant and Google Threat Intelligence Group detail how the group uses voice phishing, or vishing, combined with social engineering to gain remote access to corporate networks. Attackers pose as IT support staff, contacting victims by phone after sending deceptive emails about data migrations or invoices. They then convince targets to install remote monitoring and management tools, often tricking them into performing file searches and data transfers on behalf of the attackers.
Physical Intrusions and Data Exfiltration
In an escalation of tactics, UNC3753 has also engaged in physical intrusions, echoing a recent FBI advisory about the group’s methods. Posing as IT technicians, threat actors have entered corporate offices in person and attempted to steal data by plugging USB drives or external hard drives into victim computers. Stolen information includes proprietary legal agreements, personally identifiable information, and financial records. While the group has deployed LockBit Black ransomware in past campaigns, their current focus is data theft and extortion without encryption. The techniques show tactical overlaps with the BazarCall style campaign run by another cluster, UNC2686, in 2021.
Source: The Hacker News
