Security News > 2022 > July > New ‘Luna Moth’ hackers breach orgs via fake subscription renewals
The gang received the name Luna Moth and has been active since at least March in phishing campaigns that delivered remote access tools that enable the corporate data theft.
The Incident Response team at cybersecurity company Sygnia has been tracking the activity of the Luna Moth ransom group, noting that the actor is trying to build a reputation using the name Silent Ransom Group.
Luna Moth uses email addresses with names that impersonate the brands used in the phishing campaign.
As seen from the modus operandi, Luna Moth is far from a sophisticated threat actor and the tool they use support this theory.
The threat actor's demands are quite high, as researchers say that Luna Moth may ask for "Millions of dollars in ransom."
Despite lacking sophistication, Sygnia found that Luna Moth has been using close to 90 domain names as part of their infrastructure or for hosting data from breached companies.
News URL
Related news
- HPE investigates breach as hacker claims to steal source code (source)
- CISA: Hackers still exploiting older Ivanti bugs to breach networks (source)
- Hackers exploiting flaws in SimpleHelp RMM to breach networks (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Orange Group confirms breach after hacker leaks company documents (source)