{"id":267108,"date":"2026-06-08T03:39:00","date_gmt":"2026-06-08T07:39:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/08\/unc3753-used-vishing-and-physical-intrusions-in-u-s-data-theft-extortion-campaign\/"},"modified":"2026-06-08T04:55:13","modified_gmt":"2026-06-08T08:55:13","slug":"unc3753-used-vishing-and-physical-intrusions-in-u-s-data-theft-extortion-campaign","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/08\/unc3753-used-vishing-and-physical-intrusions-in-u-s-data-theft-extortion-campaign\/","title":{"rendered":"UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/unc3753-used-vishing-and-physical.html\">UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/unc3753-used-vishing-and-physical.html\">https:\/\/thehackernews.com\/2026\/06\/unc3753-used-vishing-and-physical.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-08 03:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026.<\/p>\n<p>The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753, which is also known as Chatty Spider, Luna Moth, and Silent Ransom Group (SRG).<\/p>\n<p>&#8220;UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments,&#8221; researchers Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, and Tyler McLellan said.<\/p>\n<p>&#8220;Using pretexts such as data migration or invoice-related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.&#8221;<\/p>\n<p>Upon gaining access, the threat actors have been found to either carry out direct searches to locate and exfiltrate files of interest or deceive the victim into carrying out the actions on their behalf. Stolen information includes proprietary legal agreements, personally identifiable information (PII), and financial records.<\/p>\n<p>In some instances, the attackers have accessed victims&#8217; systems in person, echoing an advisory issued by the U.S. Federal Bureau of Investigation (FBI) last month. These physical intrusions involve the threat actors posing as IT technicians to enter corporate offices and attempt to steal data using removable USB media.<\/p>\n<p>&#8220;By sending someone in-person to the victim&#8217;s location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim&#8217;s computer,&#8221; the FBI said of the new escalation in UNC3753&#8217;s capabilities.<\/p>\n<p>Google said UNC3753 shares tactical overlaps with UNC2686, a threat cluster previously known for carrying out BazarCall-style&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/unc3753-used-vishing-and-physical.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign https:\/\/thehackernews.com\/2026\/06\/unc3753-used-vishing-and-physical.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":267109,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjoUzV1qMNLxMhQ6z22gKy4A5VPPrLn4b1nlfLaMyR6dBM6ostnGD8O3jiaPdM_diQNx24uX-TbI6iiX0Yw4m7msT6_3_UFz_g-g1fQGh3J55fzWzRyKTel4uIp05eBMvxwaQWvNv-VM0_p9jkclDuIyq0Ztu8r4gHIKN1xNSoGYV8Lj31kb_mCcZcBeXrB\/s1600\/vishing.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[25,34],"class_list":["post-267108","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-phishing","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/267108"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=267108"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/267108\/revisions"}],"predecessor-version":[{"id":267110,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/267108\/revisions\/267110"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/267109"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=267108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=267108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=267108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}