Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns

The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors.

The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein the victims are social engineered into making a phone call through phishing emails containing invoices and subscription-themed lures.

Palo Alto Networks Unit 42 said the attacks are the “product of a single highly organized campaign,” adding, “this threat actor has significantly invested in call centers and infrastructure that’s unique to each victim.”

The cybersecurity firm described the activity as a “pervasive multi-month campaign that is actively evolving…”