Novel Luna Moth data extortion operation detailed
BleepingComputer reports that the new Luna Moth data extortion operation has launched a widespread phishing campaign aimed at stealing corporate data.
Phishing attacks launched by Luna Moth, also known as TG2729 or Silent Ransom Group, since its emergence in March involved the use of fraudulent Zoho, Duolingo, or MasterClass subscription emails as lures, a report from Sygnia's Incident Response team revealed.
Luna Moth's emails warn recipients that their subscriptions are about to end and are eligible for automatic renewal, with a 24-hour payment processing period. Calling the phone number indicated in the provided invoice connects recipients to the attackers, who then lure them into installing a remote access tool. Such techniques have prompted researchers to conclude that Luna Moth was not a sophisticated attacker.
Aside from leveraging numerous commercial remote desktop solutions, Luna Moth was also observed deploying at least two RATs on compromised machines. The double-extortion operation is also using nearly 90 domain names, the report noted.