Luna Moth, Twitter's future: first officer's blog - week 27

Luna Moth, Twitter's future, and more. Here are some of the biggest cyber risk stories over the past week.

Mike Parkin | November 29, 2022

First Officer’s log, Terrestrial date, 20221128. Officer of the Deck reporting.  

While the technical engagement on Frontier Station [REDACTED] has been proceeding according to plan, with the team ahead of schedule and currently under budget, the crew has been taking a growing interest in the 3D chess tournament. It was true that most of them knew no more about the game now than when we’d arrived; the fact was our Ensign was doing quite well. He had already made it through the initial rounds and moved into the semifinals. 

The [REDACTED] also made it into the semifinals, much to the surprise of some of the competitors. It certainly wasn’t unknown for a relatively unknown player, especially from a species that had no real prior history in 3D chess, to make a good showing. But some of the wins were suspect. Suspect to the point where a rumor started circulating that he was actually cheating. 

When our Ensign was asked about it, his sardonic reply was something to the effect of “Well his record before the tournament was just so strong that. . . of course he’s cheating. I just haven’t figured out how.” 

Given the high regard the [REDACTED] held in the Federation, several members of the crew set about figuring out just how it was being done and, possibly more importantly, how they could help the Ensign win his match fairly when it happened. 

Unfortunately, there were very few records of people cheating at 3D chess. 

The only method that was at all possible was to have a superior player observe the game and give guidance to the cheater somehow. In this case, that presented several problems. The [REDACTED] didn’t really have superior players that could give guidance, and the only one consistently paying attention to those games was another [REDACTED] trader who appeared to be along for the ride. 

The other major issue, other than who could possibly be helping him, was how could they possibly communicate the moves? 

While these were not the kinds of challenges we were usually presented with, the team’s problem-solving skills should be up to the task. 

The question was whether we could come up with a solution in time. 

If not Twitter, then where? 

What happened 

Recent changes in leadership and policy at Twitter have raised concerns with cybersecurity professionals about the future of the platform and, more specifically, their own activities there. While the platform is ill-suited to deep and nuanced discussion, it is very effective for posting initial alerts about events with links to deeper data. 

Why it matters 

The need for a “sound bite” style platform with a broad reach remains, even with Twitter apparently imploding. The question is, what will replace it? Platforms like Mastodon have potential but don’t yet have the reach. Of course, this may be the perfect opportunity for an enterprising developer or three to launch a project that’s focused on being a secure, neutral platform for exactly this kind of information. While sound bites aren’t useful for getting to the depths of a problem, they are great for drawing attention to them and getting people talking. 

Something about “knowing is half the battle.” 

What they said 

The future of Twitter might be in doubt, but the attention it’s getting certainly isn’t. 

The Luna Moth callback campaign

What happened 

A recent report highlighted a “callback” phishing campaign, linked to the Luna Moth advanced persistent threat group, targeting the retail and legal sectors. These attacks often start with a targeted email, shifting to phone calls and relying on social engineering techniques to get victims to the next stage. The attacker convinces the victim to download a payload, which then furthers the attack. The initial email vector is often well crafted and highly targeted, while attacks of this sort often leverage legitimate remote administration tools, which makes them more difficult to block. 

Why it matters 

While this is a sophisticated attack from Luna Moth that leverages both legitimate commercial tools and sophisticated malware, at its core it is still a social engineering attack against the target’s user base. While we can, and do, do a lot to protect our users from common phishing emails and even some of the more sophisticated cast-netting (targeting an organization or department) or spear phishing attacks, threat actors still find ways to get past our email defenses. 

We have to make sure the users are well-educated and prepared, but even that’s not enough. It takes a full set of tools and a mature risk management program to deal with the threats and minimize the impact of an attack. 

What they said 


Plenty are calling out this callback attack from Luna Moth. 

