Luna MothLuna Moth

Also known as: Silent Ransom · TG2729 · Luna Moth

Known aliases
3

Profile

Luna Moth conducts high-tempo callback phishing campaigns targeting legal and financial organizations in the U.S., using social engineering to lure victims into calling fake helpdesk numbers. Attackers impersonate IT staff to install legitimate RMM tools, enabling direct access to victim systems for data exfiltration. The group demands ransoms between $1 million and $8 million, threatening to leak stolen data if payments are not made. Their operations reflect a shift from traditional ransomware tactics to data breach extortion, leveraging trusted systems to evade detection.

Aliases· 3

Silent RansomTG2729Luna Moth

References

  1. https://blog.eclecticiq.com/from-callback-phishing-to-extortion-luna-moth-abuse-reamaze-helpdesk-and-rmm-tools-against-u.s.-legal-and-financial-sectors
  2. https://unit42.paloaltonetworks.com/luna-moth-callback-phishing/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
Moth
Software
Luna Ransomware
Actor
LUNAR SPIDER
Actor
Larva-208
Actor
WildNeutron
Group
LuminousMoth
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.