- The FBI has warned of Silent Ransom Group (SRG), a threat actor posing as IT personnel to steal files and install malware in person at victims’ offices.
- SRG, also known as Luna Moth/Chatty Spider/UNC3753, primarily targets US law firms, starting with vishing calls and progressing to in-person intrusions with external drives.
- Active since 2022 and linked to the BazarCall, Conti and Ryuk campaigns, SRG extorts victims via ransom emails, pressure calls and a leak site naming and shaming non-payers.
The Federal Bureau of Investigation (FBI) is warning about hackers showing up in people’s offices, posing as IT support. They sit at people’s desks, extract all the sensitive files to an external drive and leave the malware behind, all while pretending to solve a technical problem.
In a recently released flash alert, the FBI says this brazen attack is being carried out by a threat actor calling itself Silent Ransom Group (SRG). This threat actor, active for approximately four years now, begins its attacks with a phone call.
They primarily target US-based law firms and first attempt to trick the victim into installing a remote desktop management solution and granting them access. If this attempt fails, they will come in person, equipped with USB sticks, external drives and other equipment necessary to carry out the attack. Once they steal the files, they quietly elevate their privileges and walk away, engaging in extortion at a later date.
Talking Spider
“By sending someone in person to the victim’s home to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim’s computer,” the FBI explained. “SRG actors use exfiltrated victim data to extort the victim by sending a ransom email threatening to sell or publish the data online. SRG actors also call employees or customers of a victim company to pressure the victim into entering into ransom negotiations.”
Finally, the scammers run their own data leak website, where they name and shame victims to pressure them into paying the demanded ransom.
SRG is also known as Luna Moth, Chatty Spider and UNC3753, the FBI said. The group was first seen in 2022, and while it has affected organizations across different industries, it is primarily focused on law firms in the United States. According to BleepingComputer, this group was previously linked to the BazarCall campaigns, as well as the Conti and Ryuk ransomware incidents.
Via BleepingComputer





