A threat group called Silent Ransom (also tracked as UNC3753, Luna Moth, and Chatty Spider) has been hitting US law, financial, and professional services firms with a slick social engineering campaign between January and May 2026, according to Google's Mandiant division.
The attacks start with a fake invoice email, followed by a phone call from someone pretending to be IT support. Victims are talked into screen-sharing sessions and downloading remote access tools. In some cases, attackers physically showed up at offices with USB drives to steal data directly.
Once inside, the group moves fast — sometimes from initial contact to extortion demand in under an hour. Ransom demands come with a three-day deadline and threats to notify clients, partners, and journalists if victims don't comply.
Source: Dark Reading