UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753 , which is also known as Chatty Spider, Luna Moth, and Silent Ransom Group (SRG). "UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments," researchers Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, and Tyler McLellan said . "Using pretexts such as data migration or invoice-related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities." Upon gaining access, the threat a...
Jun 08, 2026