FBI Warns of Cybercriminal Group Targeting Law Firms as IT Support

by Narendra Jijhontiya

Washington, May 27: The Federal Bureau of Investigation (FBI) has issued a warning about a cybercriminal group targeting American law firms. This group poses as internal IT staff, using phone calls, phishing emails, and sometimes even visiting offices to deceive employees.

In an alert released on May 26, the FBI identified the group as the “Silent Ransom Group,” also known as Luna Moth, Chatty Spider, and UNC3753. Since 2023, they have consistently targeted U.S. law firms.

According to the agency, this group employs social engineering tactics to infiltrate company computer systems and steal sensitive data.

The FBI noted that members of the Silent Ransom Group (SRG) call employees directly or send them phishing emails, instructing them to contact an individual claiming to be IT support. This person then requests access to a remote desktop session, allowing them to breach the system.

Unlike typical ransomware gangs, this group does not rely heavily on locking systems. Instead, it quickly accesses systems to steal data and then extorts money by threatening to publish or sell the stolen information.

Reports indicate that if remote access fails, these criminals may send someone to the company’s office in person.

In this scheme, the criminals tell employees they need to “image” the computer or create backup files to rectify damage caused by phishing emails.

Once access is granted, they swiftly steal the company’s data. Investigations have shown that the stolen data is often transferred to platforms like Google Drive or Microsoft OneDrive.

Following the theft, the attackers use the stolen data to blackmail victims, threatening to publish or sell it online. They sometimes contact company employees or clients to exert pressure for ransom payments.

The FBI has advised organizations to enhance their cybersecurity measures, such as providing employee training, maintaining regular backups, and implementing phishing-resistant multi-factor authentication.

Additionally, the agency recommended thorough identification checks for all visitors to the office and limiting remote access to systems containing sensitive data.
