Luna Moth aka Silent Ransom Group

Updated on 2022-11-23

Unit 42 connected the Luna Moth/Silent Ransom Group with multiple callback phishing extortion campaigns targeting businesses in various sectors, including retail and legal. Read more: Threat Assessment: Luna Moth Callback Phishing Campaign

Updated on 2022-11-22

Unit42 researchers have a report out on Luna Moth (aka Silent Ransom Group), a threat actor that has been engaging in callback phishing campaigns over the past months that have targeted several industry verticals. The group’s operations were also previously covered by Sygnia researchers. Read more:

• Threat Assessment: Luna Moth Callback Phishing Campaign
• LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS

“Callback phishing, also referred to as telephone-oriented attack delivery (TOAD), is a social engineering attack that requires a threat actor to interact with the target to accomplish their objectives. This attack style is more resource intensive, but less complex than script-based attacks, and it tends to have a much higher success rate.”

Overview: Luna Moth

Security firm Sygnia has published a report on Luna Moth, a new threat actor that, since March this year, has been engaging in hack-and-extortion attacks. Sygnia said Luna Moth uses spear-phishing to infect victims with a remote access trojan, which it then uses to steal sensitive data that can be used in a future extortion attempt. The company reported that some extortion demands reached “millions of dollars.”