27.05.2025
2 min
614
FBI warns: the Luna Moth group, active since 2022, attacks American law firms using phishing emails and phone calls. Victims are encouraged to call a supposedly technical support, where they are convinced to install remote management software (AnyDesk, Zoho Assist, and others). The attackers then copy data via WinSCP or Rclone and demand a ransom.
Since March 2025, hackers have been calling employees themselves, claiming to be IT specialists. They create fictitious domain names like company-helpdesk[.]com and register them through GoDaddy. The campaigns are aimed at the financial and legal sectors.
The Luna Moth group (Chatty Spider, SRG) was formed after the collapse of Conti. Their weapon is not viruses, but psychological pressure. They bypass antivirus programs and security measures through TOAD attacks (telephone social engineering).
Organizations need to strengthen the verification of technical support requests, filter suspicious calls and block third-party remote access. Social engineering is a key threat in 2025.
