Monday, June 8


Google has published a new report warning of ongoing targeted campaigns by cyber criminals against American companies. Published by Google’s cybersecurity teams Mandiant and Google Threat Intelligence Group, the report highlighted a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States. As stated in the report, the group uses voice phishing (vishing) and social engineering deception techniques to gain remote access to corporate environments.

“The threat group frequently initializes campaigns using benign, invoice-themed email lures sent from actor-controlled consumer email accounts. These messages contain no active links or malicious attachments. Instead, they typically contain a brief, generic message for example: “hello, here is the invcoie we talked about yesterday”,” the report highlighted.

Once inside the environment, the threat actors either directly conduct searches to locate and exfiltrate highly sensitive data, or manipulate the victim into executing these actions on their behalf.

In its report, Google also shared a sample extortion email that gives organizations a three-day deadline to respond and initiate ransom negotiations. The email generally has a subject line that reads: “[Victim Name] has lost confidential data of their clients. Very Important!”.

Here’s the sample extortion email shared by Google:

Hello,

We have to inform you that we got access to the [Victim Name] corporation’s database and took a very large dataset. We have been in your network for weeks in multiple systems, aiming for proprietary and confidential files, and were able to obtain what We were looking for as well as the data of many clients. This is not a joke or a scam.

This is a real problem that puts the existence of your firm in danger and to prove it We have attached screenshots that are confirming the possession of the files.

Reply to Our email and We will show you the complete file tree and actual files.

We are an elite group who’s been in this business for a very long time, We have Our own website where We post the data and thousands of individuals follow Our work, and connections in different business social media. But, what’s more important, is that We want to return your data peacefully and as soon as possible.

We will guarantee you the complete database deletion from Our servers, video evidence of us deleting the files, privacy of our communication and Our security advice with an explanation of how We got into your network and how to fix the vulnerability that We found.

In order for us to solve this problem you need to send us an email and start communicating with us. We hope to find a financial solution that will be acceptable for both parties.

In case of ignorance or no agreement, We will notify your employees, partners and customers, after which We will publish your data. You will receive claims from individuals, and legal entities for information leakage and breach of contracts, your current deals will be terminated. Journalists and others will dig into your documents, finding inconsistencies or violations in them. Your organization will lose its reputation, shares will fall in price, and your organization will be forced to close.

Let us remind you that your data can be used by many other hackers and criminals on the dark web as well as your competitors and enemies in case We leak the data.

Law enforcement will not help you, We are out of their jurisdiction, and We already took all the critical data. They will only tell you not to communicate with us and be the first ones to fine you.

As soon as you reach out, We will show you all the files that We obtained, so you can understand the seriousness of this problem and the necessity to proceed to the negotiations.

Our communication will stay 100% private before and after the agreement. We can show the proof of it as well.

All further communication can be done through this email address.

Do not waste any time as it is ticking. Text us today, so We don’t have to start calling your employees tomorrow. You will have 3 days to start communicating.

Here We attached some screenshots confirming all the above. Respond to this email and We will send you the file tree.
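Because the initial lure quoted from the report carries no links or malicious attachments, content scanning has nothing to match, so a mail filter has to key on the shape of the message instead. The triage heuristic below is an added example, not code from the Google report; the domain list, keyword list, length threshold, function names and sample messages are all assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: illustrative consumer mail domains; extend for your environment.
# "freemail.example" is a placeholder used only by the constructed sample below.
CONSUMER_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "freemail.example"}
THEME_WORDS = {"invoice", "receipt", "payment"}  # assumption: theme keywords
URL_RE = re.compile(r"https?://|www\.", re.I)
MAX_BODY_CHARS = 200  # assumption: cut-off for a "brief, generic message"

def is_theme_word(token):
    """True for a theme keyword or a letter-transposed misspelling of one."""
    t = token.lower()
    return any(t == w or sorted(t) == sorted(w) for w in THEME_WORDS)

def lure_signals(raw_message):
    """Return which of the lure traits described in the report a message shows."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')} {body}"
    signals = set()
    if domain in CONSUMER_DOMAINS:
        signals.add("consumer_sender")
    if any(is_theme_word(tok) for tok in re.findall(r"[A-Za-z]+", text)):
        signals.add("invoice_theme")
    if not URL_RE.search(body):
        signals.add("no_links")
    if len(body.strip()) <= MAX_BODY_CHARS:
        signals.add("brief_body")
    return signals

def is_lure_shaped(raw_message):
    """Flag for human triage only when every trait is present."""
    return lure_signals(raw_message) == {
        "consumer_sender", "invoice_theme", "no_links", "brief_body"}

# Constructed sample messages (not real traffic).
SAMPLE_LURE = (
    "From: Billing Dept <billing.dept@freemail.example>\n"
    "To: ap@corp.example\nSubject: invoice\n\n"
    "hello, here is the invcoie we talked about yesterday\n")
SAMPLE_VENDOR = (
    "From: Accounts <accounts@vendor.example>\n"
    "To: ap@corp.example\nSubject: Invoice 1001\n\n"
    "Your invoice is ready: https://billing.vendor.example/inv/1001\n")
```

A match is a reason to route the message for review or add a banner, not proof of compromise, since legitimate short invoice emails from consumer accounts have the same shape.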


