According to a report by The Hacker News, the FBI has raised concerns over a stealth phishing campaign orchestrated by the cybercriminal group known as Luna Moth. Active since at least 2022, the group employs “callback phishing” or telephone-oriented attack delivery (TOAD) methods to deceive law firm employees. Victims receive emails resembling subscription notices, prompting them to call a provided number. During the call, attackers, masquerading as IT personnel, guide victims to install remote access software, granting unauthorized system access.
Use of legitimate tools complicates detection
Luna Moth’s strategy involves leveraging genuine remote access tools such as Zoho Assist, Syncro, AnyDesk, Splashtop, and Atera. This approach allows them to bypass security measures, as these tools are commonly used in corporate environments. Once access is obtained, attackers utilize applications like Rclone or WinSCP to exfiltrate sensitive data. The use of legitimate software makes it difficult for standard security systems to flag these activities as malicious.
Indicators and preventive measures
Organizations are urged to be vigilant for signs of compromise, including unexpected installations of remote access tools and unusual data transfers. The FBI recommends implementing strict verification processes for IT-related communications, educating employees about such phishing tactics, and monitoring network activity for anomalies. Regular audits and employee training sessions can further bolster defenses against such sophisticated social engineering attacks.
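An added example for the indicators above (not code from the FBI advisory or the article): it scans process-creation events for the tools named here and escalates when a transfer tool runs on a host after an unapproved remote access tool. The keyword patterns, allowlist, 24-hour window and sample events are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Patterns built from the tool names in the article. Real binary names and
# install paths vary, so these are assumptions; "zoho" also matches other
# Zoho products. The lookbehind stops "atera" matching inside "lateral".
REMOTE_ACCESS = re.compile(r"(?<![a-z])(zoho|syncro|anydesk|splashtop|atera)", re.I)
TRANSFER = re.compile(r"(?<![a-z])(rclone|winscp)", re.I)
WINDOW = timedelta(hours=24)  # assumed correlation window

# Hypothetical allowlist: (host, tool) pairs the IT team has approved.
APPROVED = {("HELPDESK-01", "splashtop")}

# Constructed sample events: (time, host, user, image path).
SAMPLE_EVENTS = [
    ("2025-01-10T09:02:11", "LEGAL-WS-14", "jdoe", r"C:\Users\jdoe\Downloads\AnyDesk.exe"),
    ("2025-01-10T09:05:40", "HELPDESK-01", "svc_it", r"C:\Program Files\Splashtop\client.exe"),
    ("2025-01-10T09:31:07", "LEGAL-WS-14", "jdoe", r"C:\Users\jdoe\AppData\Local\Temp\rclone.exe"),
    ("2025-01-10T11:15:00", "LEGAL-WS-22", "asmith", r"C:\Program Files (x86)\WinSCP\WinSCP.exe"),
]

def find_tool(pattern, image):
    """Return the lower-cased tool keyword found in the image path, or None."""
    m = pattern.search(image)
    return m.group(1).lower() if m else None

def triage(events):
    """Return alerts as (severity, host, detail) tuples in time order."""
    alerts, last_remote = [], {}
    for ts, host, user, image in sorted(events):
        when = datetime.fromisoformat(ts)
        tool = find_tool(REMOTE_ACCESS, image)
        if tool and (host, tool) not in APPROVED:
            last_remote[host] = when  # remember for correlation below
            alerts.append(("medium", host, f"unapproved remote access tool '{tool}' run by {user}"))
        xfer = find_tool(TRANSFER, image)
        if xfer:
            seen = last_remote.get(host)
            if seen is not None and when - seen <= WINDOW:
                alerts.append(("high", host, f"'{xfer}' ran {when - seen} after unapproved remote access"))
            else:
                alerts.append(("low", host, f"transfer tool '{xfer}' run by {user}"))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

In practice the events would come from endpoint telemetry such as process-creation logs, and the allowlist from the organization's software inventory.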