- The FBI warned of the Silent Ransom Group (SRG), a threat actor that impersonates IT staff to steal files and plant malware directly into victim offices
- SRG, also known as Luna Moth/Chatty Spider/UNC3753, primarily targets US law firms, starting with vishing calls and escalating to in-person intrusions with external drives
- Active since 2022 and linked to BazarCall, Conti and Ryuk campaigns, SRG extorts victims via ransom emails, press calls and a leak site that names and shames defaulters
The Federal Bureau of Investigation (FBI) is warning about hackers showing up at people’s offices posing as IT support. They sit at people’s desks, drag all sensitive files onto an external drive and leave behind malware, all while pretending to fix a technical problem.
In a recently released flash alert, the FBI says this brazen attack is being carried out by a threat actor calling itself the Silent Ransom Group (SRG). Active for about four years now, this threat actor starts their attack with a phone call.
They mostly target US-based law firms and first try to get the victim to install a remote desktop management solution and give them access. If that attempt fails, they will come in person with flash drives, external disks and other equipment needed to carry out the attack. Once they steal the files, they will quietly escalate privileges, step away, and engage in extortion at a later stage.
Chatty Spider
“By sending someone in person to the victim’s location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive that the threat actor has inserted into the victim’s computer,” the FBI explained. “SRG actors use the exfiltrated victim data to blackmail the victim by sending a ransom email threatening to sell or put the data online. SRG actors also call employees or customers of a victim company to pressure the victim into initiating ransom negotiations.”
Finally, the crooks have their own data leak website where they name and shame victims to pressure them into paying the ransom demand.
SRG is also known as Luna Moth, Chatty Spider and UNC3753, the FBI further explained. The group was first seen back in 2022, and although it hit organizations in various industries, it is primarily focused on law firms in the United States. According to Bleeping Computer, this group was previously linked to BazarCall campaigns as well as Conti and Ryuk ransomware incidents.
Via Bleeping Computer




