"'Luna Moth' Cybercriminals Breach Orgs Through Phony Subscription Renew"

To steal confidential information from businesses, a new data extortion gang called Luna Moth has broken into their systems and threatened to release the files to the public unless the victims pay a ransom. Since March, the group has been involved in phishing campaigns that have distributed remote access tools (RAT) that facilitate corporate data theft. The incident response team at Sygnia has been monitoring the Luna Moth ransom organization, noting that the actor is attempting to establish a reputation under the moniker Silent Ransom Group (SRG).

According to a report published by Sygnia, while the goal of Luna Moth (also known as TG2729) is to obtain sensitive information, its method of operation is similar to that of a fraudster. Luna Moth employs phishing techniques to accomplish this. Over the last three months, the gang oversaw a significant effort that used phony subscription emails to trick victims into using Zoho, MasterClass, or Duolingo services. Victims would allegedly receive a message from one of these services informing them that their subscription was about to expire and would be automatically renewed, giving them 24 hours to complete the payment.

The email addresses used by Luna Moth impersonate the brands of the phishing campaign. On close inspection, the scam is obvious because the emails come from Gmail accounts. A fake invoice with contact details is included in the email in case someone wants to inquire further about the subscription or cancel it. When the victim calls the number listed on the invoice, the con artist connects with them and provides instructions on how to set up a remote access tool on the system.

This article continues to discuss the tactics and tools of the Luna Moth gang.

CyberIntelMag reports "'Luna Moth' Cybercriminals Breach Orgs Through Phony Subscription Renew"

 
