- FBI warns US law firms of ongoing attacks
- Crooks trick employees into giving access
- They exfiltrate sensitive data and then threaten to release it
Law firms in the United States must be on the lookout for highly sophisticated phishing attacks coming from the Silent Ransom Group (SRG), the FBI warns.
In a recent private industry notification, the FBI said the group, which also targets other industries, has increased its focus on US law firms, and that it has also shifted its tactics a bit.
The FBI says that over the past few months the group began impersonating employees of the target law firm, posing as a member of the IT department and sending an email that asks the victim to join a remote access session, saying that the work they needed to do would be done overnight.
Chatty Spider
“Once in the victim’s device, a typical SRG attack involves minimal privilege escalation and quickly pivots to data exfiltration conducted through ‘WinSCP’ (Windows Secure Copy) or a hidden or renamed version of ‘Rclone’,” the FBI explained.
“Although this tactic has only been observed recently, it has been very effective and resulted in several compromises.”
Once the group has exfiltrated sensitive data from the target system, it leaves a ransom message that threatens to sell or leak the data online unless a payment is made. To put the victims under even more pressure, the threat actors will also call them on the phone.
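The exfiltration step the FBI describes (WinSCP, or a hidden or renamed Rclone) can be hunted for in process-creation logs. The following is an added example, not code from the FBI or from this article: the field names are modelled on Sysmon process-creation records, the `OriginalFileName` values are assumed to match the tools' default binary names, and the sample events, hosts and paths are constructed.

```python
import ntpath
import re

# Assumed PE OriginalFileName values for the two tools named in the FBI quote.
TRANSFER_TOOLS = {"rclone.exe": "Rclone", "winscp.exe": "WinSCP"}
# rclone-style usage: a transfer verb plus a "remote:path" argument.
RCLONE_VERB = re.compile(r"\s(copy|sync|move)\s", re.I)
REMOTE_ARG = re.compile(r"\s[A-Za-z0-9_-]{2,}:\S*")  # 2+ chars, so "C:\..." is not a remote
WINSCP_SCRIPTED = re.compile(r"\s/(script|command)\b", re.I)


def classify(event):
    """Return the findings for one process-creation record."""
    image = ntpath.basename(event["Image"]).lower()
    original = event.get("OriginalFileName", "").lower()
    cmd = event.get("CommandLine", "")
    findings = []
    tool = TRANSFER_TOOLS.get(original)
    if tool and image != original:
        # File on disk was renamed, but the embedded version info still names the tool.
        findings.append(f"renamed {tool} binary running as {image}")
    elif tool:
        findings.append(f"{tool} execution")
    # Catches builds whose metadata was stripped: judge by the arguments instead.
    if tool != "WinSCP" and RCLONE_VERB.search(cmd) and REMOTE_ARG.search(cmd):
        findings.append("rclone-style transfer to a named remote")
    if tool == "WinSCP" and WINSCP_SCRIPTED.search(cmd):
        findings.append("WinSCP run non-interactively")
    return findings


def scan(events):
    """Return (host, findings) for every record that produced a finding."""
    return [(e["Host"], f) for e in events if (f := classify(e))]


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"Host": "WS-014", "Image": r"C:\ProgramData\svcupdate.exe", "OriginalFileName": "rclone.exe",
     "CommandLine": r"svcupdate.exe copy D:\ClientFiles remote1:out --transfers 8"},
    {"Host": "WS-022", "Image": r"C:\Users\j.doe\AppData\Local\Temp\helper.exe", "OriginalFileName": "",
     "CommandLine": r"helper.exe sync D:\Matters store:archive"},
    {"Host": "WS-031", "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "OriginalFileName": "winscp.exe",
     "CommandLine": r"WinSCP.exe /script=C:\Temp\up.txt /log=C:\Temp\w.log"},
    {"Host": "FS-001", "Image": r"C:\Windows\System32\robocopy.exe", "OriginalFileName": "robocopy.exe",
     "CommandLine": r"robocopy.exe C:\Data E:\Backup /MIR"},
]

if __name__ == "__main__":
    for host, findings in scan(SAMPLE_EVENTS):
        print(host, "->", "; ".join(findings))
```

Legitimate administrative use of either tool will also match, so the findings are triage leads to compare against an allowlist of approved hosts and accounts.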
Silent Ransom Group is also known as Luna Moth, Chatty Spider or UNC3753. It has been active since 2022, but turned its attention more toward US law firms in the spring of 2023. According to BleepingComputer, the group was behind the BazarCall campaigns that gave Ryuk and Conti ransomware operators initial access to some of their victims. The group was formed after Conti dissolved in March 2022.
To defend against phishing, the FBI advises companies to use strong passwords, 2FA and solid backup solutions.
Via BleepingComputer



