The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors.

The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein phishing emails containing invoices and subscription-themed lures socially engineer the victims into making a phone call.

Palo Alto Networks Unit 42 said the attacks are the “product of a single highly organized campaign,” adding, “this threat actor has significantly invested in call centers and infrastructure that’s unique to each victim.”

The cybersecurity firm described the activity as a “pervasive multi-month campaign that is actively evolving...”