- The FBI warns US law firms of an ongoing campaign
- Crooks are tricking employees into granting access
- They exfiltrate sensitive data and then threaten to release it
Law firms in the United States should be on the lookout for highly sophisticated phishing attacks from the Silent Ransom Group, the FBI is warning.
In a recent Private Industry Notification, the FBI said that the group, which also targets other industries, has increased its focus on American law firms, and that it has also slightly shifted its tactics.
The FBI says that in recent months, the group has started to impersonate employees of the targeted law firm, posing as a member of the IT department and sending an email asking the victim to join a remote access session, stating that the work they had to do would be carried out overnight.
Chatty Spider
“Once in the victim’s device, a typical SRG attack involves minimal privilege escalation and quickly pivots to data exfiltration conducted via ‘WinSCP’ (Windows Secure Copy) or a hidden or renamed version of ‘Rclone’,” explained the FBI.
“Although this tactic has only been observed recently, it has been highly effective and resulted in multiple compromises.”
Once the group exfiltrates sensitive data from the target system, they leave a ransom message, threatening to sell or leak the data online unless a payment is made. To put the victims under even more pressure, the threat actors also call them on the phone.
Silent Ransom Group is also known as Luna Moth, Chatty Spider or UNC3753. It has been active since 2022, but pivoted more towards American law firms in the spring of 2023. According to BleepingComputer, the group was behind the BazarCall campaigns, which gave the Ryuk and Conti ransomware operators access to some of their victims. The group was formed after Conti dissolved in March 2022.
To defend against phishing, the FBI advises companies to use strong passwords, 2FA and robust backup solutions.
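One way to hunt for the WinSCP and renamed-Rclone exfiltration named in the FBI quote, added here as an example and not taken from the FBI notification or the article: it compares a process's on-disk name with the name embedded in its PE version information, as recorded in Sysmon-style process-creation logs. The field layout, the embedded names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed PE version-info names for the tools named in the FBI quote;
# confirm against the binaries deployed in your own environment.
EXFIL_TOOLS = {"rclone.exe": "Rclone", "winscp.exe": "WinSCP"}
# Rclone transfer subcommands and global flags, used when version info is missing.
RCLONE_VERBS = {"copy", "sync", "move"}
RCLONE_FLAGS = {"--config", "--transfers", "--bwlimit", "--no-check-certificate"}

# Constructed records shaped like Sysmon Event ID 1 (process creation) fields.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "OriginalFileName": "winscp.exe", "CommandLine": "WinSCP.exe"},
    {"Image": r"C:\Users\Public\svchost.exe", "OriginalFileName": "rclone.exe",
     "CommandLine": r"svchost.exe copy D:\Clients remote:in --config c.conf"},
    {"Image": r"C:\ProgramData\upd.exe", "OriginalFileName": "-",
     "CommandLine": r"upd.exe sync D:\Matters r:bk --no-check-certificate"},
    {"Image": r"C:\Windows\System32\xcopy.exe", "OriginalFileName": "XCOPY.EXE",
     "CommandLine": r"xcopy C:\a C:\b"},
]


def classify(event):
    """Return (tool, reason) for a record worth reviewing, else None."""
    image = ntpath.basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").lower()
    if original in EXFIL_TOOLS:
        # The embedded name survives a rename of the file on disk.
        renamed = image != original
        reason = "renamed binary" if renamed else "running under its own name"
        return EXFIL_TOOLS[original], reason
    # Version info stripped or absent: fall back to rclone-style arguments.
    args = {t.split("=")[0] for t in event.get("CommandLine", "").lower().split()[1:]}
    if args & RCLONE_VERBS and args & RCLONE_FLAGS:
        return "Rclone", "rclone-style command line"
    return None


def triage(events):
    """Return (image, tool, reason) for every record that classify() flags."""
    return [(e["Image"], *hit) for e in events if (hit := classify(e))]


if __name__ == "__main__":
    for image, tool, reason in triage(SAMPLE_EVENTS):
        print(f"{tool:7} {reason:28} {image}")
```

A hit for a tool running under its own name is only a prompt to check whether that tool is approved on the host; the renamed and command-line hits are the ones that match the behaviour the FBI describes.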
Via BleepingComputer




