{"id":49404,"date":"2022-11-21T21:00:00","date_gmt":"2022-11-21T21:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/endpoint\/luna-moth-malware-free-extortion-campaign"},"modified":"2022-11-21T21:00:00","modified_gmt":"2022-11-21T21:00:00","slug":"luna-moths-novel-malware-free-extortion-campaign-takes-flight","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/","title":{"rendered":"Luna Moth&#8217;s Novel, Malware-Free Extortion Campaign Takes Flight"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt253a931b740b5dca\/637bd3b43954130fa5585ba9\/lunamoth_JasonYoder_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Researchers have spotted a threat actor that has managed to extort hundreds of thousands of dollars over the last few months from mostly small and midsize businesses \u2014 without using any encryption tools or malware.<\/p>\n<p>Instead, the attacker \u2014 dubbed Luna Moth (aka the &#8220;Silent&#8221; ransomware group) has been using an array of legitimate tools and a technique dubbed &#8220;call-back phishing.&#8221; The tactic is to steal sensitive data from victim organizations and use it as leverage to extort money from them.<\/p>\n<h2 class=\"regular-text\">Targeted Attacks<\/h2>\n<p>Most of the attacks so far have targeted smaller organizations in the legal industry; more recently, though, the adversary has begun going after larger companies in the retail sector as well, researchers from Palo Alto Network&#8217;s Unit 42 said in a report Monday. The evolution of the attacks suggests the threat actor has become more efficient with its tactics and now presents a danger to businesses of all sizes, the security vendor warned.<\/p>\n<p>&#8220;We are seeing this tactic successfully targeting all sizes of businesses \u2014 from large retailers to small\/medium sized legal organization&#8221; says Kristopher Russo, senior threat researcher with Unit 42 at Palo Alto Networks. &#8220;Because social engineering targets individuals, the size of the company does not offer much protection.&#8221;<\/p>\n<p>Call-back phishing is a tactic that security researchers first observed the Conti ransomware group using more than a year ago in a campaign to install BazarLoader malware on victim systems.<\/p>\n<h2 class=\"regular-text\">Call-Back Phishing<\/h2>\n<p>The scam starts with an adversary sending a phishing email to a specific, targeted individual at a victim organization. The phishing email is custom made for the recipient, originates from a legitimate email service, and involves some kind of a lure to get the user to initiate a phone call with the attacker.<\/p>\n<p>In the Luna Moth incidents that <a href=\"https:\/\/unit42.paloaltonetworks.com\/luna-moth-callback-phishing\/#post-125832-_zai7xtblp7ge\" target=\"_blank\" rel=\"noopener\">Unit 42 researchers observed<\/a>, the phishing email contains an invoice \u2014 in the form of a PDF file \u2014 for a subscription service in the recipient&#8217;s name. The attackers inform the victim the subscription will soon become active and get billed to the credit card number on file. The email provides a phone number to a purported call center \u2014 or sometimes multiple numbers \u2014 that users can call if they had questions about the invoice. Some of the invoices have logos of a well-known company on top of the page.<\/p>\n<p>&#8220;This invoice even includes a unique tracking number used by the call center,&#8221; Russo says. &#8220;So, when the victim calls the number to dispute the invoice, they look like a legitimate business.&#8221;<\/p>\n<p>The attackers then convince users who called to initiate a remote session with them using the Zoho Assist remote support tool. Once the victim is connected to the remote session, the attacker takes control of the victim&#8217;s keyboard and mouse, enables access to the clipboard, and blanks out the user&#8217;s screen, Unit 42 said.<\/p>\n<p>After the attackers have accomplished that, their next step has been to install the legitimate Syncro remote support software for maintaining persistence on the victim&#8217;s machine. They have also deployed other legit tools such as Rclone or WinSCP to steal data from it. <a href=\"https:\/\/www.darkreading.com\/edge-articles\/is-an-attacker-living-off-your-land-\" target=\"_blank\" rel=\"noopener\">Security tools rarely flag these products as suspicious<\/a> because administrators have legitimate use cases for them in an environment.<\/p>\n<p>In early attacks, the adversary installed multiple remote monitoring and management tools such as Atera and Splashtop on victim systems, but lately they appear to have whittled down their toolkit, Unit 42 said.<\/p>\n<p>If a victim does not have administrative rights on their system, the attacker eschews any attempt to maintain persistence on it and instead goes straight to stealing data by leveraging WinSCP Portable.<\/p>\n<p>&#8220;In cases where the attacker established persistence, exfiltration occurred hours to weeks after initial contact. Otherwise, the attacker only exfiltrated what they could during the call,&#8221; Unit 42 said in its report.<\/p>\n<h2 class=\"regular-text\">Applying the Most Pressure<\/h2>\n<p>The Luna Moth group has typically gone after data that, when leveraged, will apply the most pressure to the victim, Russo says. In targeting legal firms, the attacker appeared to have a good knowledge of the industry, knowing the kind of data that would likely cause the most harm in the wrong hands.<\/p>\n<p>&#8220;In the cases that Unit 42 investigated, they targeted sensitive and confidential data of the law firm&#8217;s clients,&#8221; Russo explains. &#8220;The attacker reviewed the data they stole and included a sample of the most damaging data they stole in the extortion email.&#8221;<\/p>\n<p>In many attacks, the adversary called out the victim&#8217;s largest clients by name and threatened to contact them if the victim organization did not pay the demanded ransom \u2014 which typically has ranged from 2 to 78 Bitcoin.<\/p>\n<p>In the cases Unit 42 has investigated, the attackers did not move laterally once they had gained access to a victim&#8217;s machine. &#8220;However, they do continue to monitor the compromised computer if the victim has admin credentials \u2014 even going so far as to call and taunt the victims if they detect remediation efforts,&#8221; Russo says.<\/p>\n<p>Sygnia, one of the first to report on Luna Moth&#8217;s activities, described the group as likely surfacing in March. The security vendor said it had <a href=\"https:\/\/blog.sygnia.co\/luna-moth-false-subscription-scams\" target=\"_blank\" rel=\"noopener\">observed the threat actor<\/a> using commercially available remote access tools such as Atera, Splashtop, and Syncro, as well as AnyDesk for persistence. Sygnia said its researchers had also observed the threat actor using other legitimate tools such as SoftPerfect network scanner for reconnaissance and SharpShares for network enumeration. The attacker&#8217;s tactic has been to store the tools on compromised systems with names that spoof legitimate binaries, Sygnia said.<\/p>\n<p>&#8220;The threat actor in this campaign specifically seeks to minimize their digital footprint to evade most technical security control,&#8221; Russo says.<\/p>\n<p>Because they have been relying entirely on social engineering and legitimate tools in the campaign, the attacks leave very few artifacts, Unit 42 said. Thus, &#8220;we recommend that organizations of all sizes conduct security awareness training for employees&#8221; to protect against the new threat, Russo says.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/endpoint\/luna-moth-malware-free-extortion-campaign\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Luna Moth is relying solely on call-back phishing, as well as legitimate tools, to steal data and extract ransoms from victims of all stripes in an expanding cyberattack effort.Read More <a href=\"https:\/\/www.darkreading.com\/endpoint\/luna-moth-malware-free-extortion-campaign\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-49404","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Luna Moth&#039;s Novel, Malware-Free Extortion Campaign Takes Flight 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Luna Moth&#039;s Novel, Malware-Free Extortion Campaign Takes Flight 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-21T21:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt253a931b740b5dca\/637bd3b43954130fa5585ba9\/lunamoth_JasonYoder_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Luna Moth&#8217;s Novel, Malware-Free Extortion Campaign Takes Flight\",\"datePublished\":\"2022-11-21T21:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/\"},\"wordCount\":987,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt253a931b740b5dca\\\/637bd3b43954130fa5585ba9\\\/lunamoth_JasonYoder_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/\",\"name\":\"Luna Moth's Novel, Malware-Free Extortion Campaign Takes Flight 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt253a931b740b5dca\\\/637bd3b43954130fa5585ba9\\\/lunamoth_JasonYoder_shutterstock.jpg\",\"datePublished\":\"2022-11-21T21:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt253a931b740b5dca\\\/637bd3b43954130fa5585ba9\\\/lunamoth_JasonYoder_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt253a931b740b5dca\\\/637bd3b43954130fa5585ba9\\\/lunamoth_JasonYoder_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Luna Moth&#8217;s Novel, Malware-Free Extortion Campaign Takes Flight\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Luna Moth's Novel, Malware-Free Extortion Campaign Takes Flight 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/","og_locale":"en_US","og_type":"article","og_title":"Luna Moth's Novel, Malware-Free Extortion Campaign Takes Flight 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-11-21T21:00:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt253a931b740b5dca\/637bd3b43954130fa5585ba9\/lunamoth_JasonYoder_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Luna Moth&#8217;s Novel, Malware-Free Extortion Campaign Takes Flight","datePublished":"2022-11-21T21:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/"},"wordCount":987,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt253a931b740b5dca\/637bd3b43954130fa5585ba9\/lunamoth_JasonYoder_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/","url":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/","name":"Luna Moth's Novel, Malware-Free Extortion Campaign Takes Flight 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt253a931b740b5dca\/637bd3b43954130fa5585ba9\/lunamoth_JasonYoder_shutterstock.jpg","datePublished":"2022-11-21T21:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt253a931b740b5dca\/637bd3b43954130fa5585ba9\/lunamoth_JasonYoder_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt253a931b740b5dca\/637bd3b43954130fa5585ba9\/lunamoth_JasonYoder_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/luna-moths-novel-malware-free-extortion-campaign-takes-flight\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Luna Moth&#8217;s Novel, Malware-Free Extortion Campaign Takes Flight"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49404"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49404\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}