Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns
Nov 22, 2022
The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery ( TOAD ), wherein the victims are social engineered into making a phone call through phishing emails containing invoices and subscription-themed lures. Palo Alto Networks Unit 42 said the attacks are the "product of a single highly organized campaign," adding, "this threat actor has significantly invested in call centers and infrastructure that's unique to each victim." The cybersecurity firm described the activity as a "pervasive multi-month campaign that is actively evolving." What's notable about callback phishing is that the email messages are completely devoid of any malicious attachment or booby-trapped link, allowing them to evade detection and slip past email protection solutions. These messages ty...
