- The FBI has warned about Silent Ransom Group (SRG), a threat actor that poses as IT staff to steal files and plant malware directly into victims’ offices.
- SRG, also known as Luna Moth/Chatty Spider/UNC3753, primarily targets US law firms, starting with vishing calls and escalating to in-person intrusions with external units.
- Active since 2022 and linked to the BazarCall, Conti, and Ryuk campaigns, SRG extorts victims through ransom emails, pressure calls, and a leak site that names and shames non-payers.
The Federal Bureau of Investigation (FBI) is warning about hackers showing up in people’s offices, posing as IT support. They sit on people’s desks, save all sensitive files to an external drive, and leave the malware behind, while pretending to be troubleshooting a technical problem.
In a newly released instant alert, the FBI says this brazen attack is being carried out by a threat actor calling itself the Silent Ransom Group (SRG). This threat actor, active for approximately four years, begins his attack with a phone call.
They mostly target US-based law firms and first try to get the victim to install a remote desktop management solution and grant them access. If that attempt fails, they will come in person, carrying flash drives, external drives, and other equipment needed to execute the attack. Once they steal the files, they silently escalate privileges and walk away, engaging in extortion at a later date:
talking spider
“By sending someone in person to the victim’s location to facilitate the intrusion, SRG actors extract data to an external hard drive or USB drive inserted by the threat actor into the victim’s computer,” the FBI explained. “SRG actors use the victim’s exfiltrated data to extort the victim by sending a ransom email threatening to sell or publish the data online. SRG actors also call employees or customers of a victim company to pressure the victim into entering ransom negotiations.”
Finally, the criminals have their own data leak website where they name and shame victims into paying the ransom.
SRG is also known as Luna Moth, Chatty Spider and UNC3753, the FBI explained. The group first appeared in 2022 and while it affected organizations across different industries, it primarily focuses on US law firms. According to beepcomputerThis group was previously linked to BazarCall campaigns, as well as Conti and Ryuk ransomware incidents.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
