A new extortion group called ‘Luna Moth’ steals data with fake subscription emails

A new data extortion group named Luna Moth has been observed to steal confidential information from companies and threaten the victims into paying ransom in order to save compromised data from being publically available.

The extortion group has been detected to be active since March in phishing campaigns and delivering remote access tools (RAT) in order to steal company data from a remote location.

The Luna Moth is trying to build a silent ransom group (SRG) threat actor according to the cybersecurity company Sygnia which has been tracking the extortion group. Sygnia said that the mode of operation for the Luna Moth ransom group resembles a lot of scammers as the ransom group reaches its targets via phishing attacks.

The cybersecurity company provided details on how it initiates the hacking process. Reportedly for the past three months, the extortion group has been conducting large-scale campaigns to lure victims with false subscription emails with an invitation to Zoho, Masterclass, or Duolingo services. The email usually says that the payment to the above services is due and if the victim can not proceed with the further payment the subscription would end.

Luna Moth usually impersonates brands to use them to create phishing campaigns targeting Gmail accounts. The email also comes with a fake invoice attachment providing contact details to know more about the subscription. Upon dialing the call number the scammer instructs the victim to install a remote access tool into the system.

Sygnia says the threat actor uses remote desktop solutions such as Atera, AnyDesk, Synchro, and Splashtop. The group has also been targeting victims with fake billing emails for renewing antivirus subscriptions. Luna Moth has been observed to use almost 90 domain names for hosting data from compromised companies.




Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates Read More

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

function init() { var vidDefer = document.getElementsByTagName('iframe'); for (var i=0; i