At a glance.
- Luna Moth's callback phishing.
- New activity by China's Mustang Panda.
- DEV0569 using malvertising to distribute Royal ransomware.
- US indicts 10 in BEC case.
- Developing a cyber auxiliary.
- Black Friday scams.
Luna Moth's callback phishing.
Palo Alto Networks’ Unit 42 is tracking a large callback phishing campaign it calls “Luna Moth.” The criminals behind the operation use legitimate tools to exfiltrate data, which they then use to extort the data's owners. Callback phishing requires the victim to get in contact with the attacker. The attacker then uses social engineering to trick the victim into granting access to a system or transferring money. The victim receives an email with a legitimate PDF (pretending to be an invoice for an unwanted subscription); instead of carrying malware, that PDF carries a callback phone number the victim is asked to contact. Once the victim is on the phone, the scammer persuades them to grant permission to manage their device and cancel the subscription. Once they're in, the crooks steal data and proceed to familiar extortion. For more on Luna Moth, see CyberWire Pro.