- The FBI is warning law firms of ongoing attacks
- Crooks trick employees into granting access
- They exfiltrate confidential data and then threaten to release it
Law firms in the US should be alert to highly sophisticated phishing attacks from the Silent Ransom Group (SRG), the FBI warns.
In a recent Private Industry Notification, the FBI said that the group, which also targets other industries, has increased its focus on US law firms and has slightly changed its tactics.
The FBI says that in recent months, the group began to impersonate employees of the targeted law firm, posing as a member of the IT department to send an email asking the victim to join a remote access session, stating that the work they needed to do would be carried out overnight.
“Once on the victim’s device, a typical SRG attack involves minimal privilege escalation and quickly pivots to data exfiltration conducted through ‘WinSCP’ (Windows Secure Copy) or a hidden or renamed version of ‘Rclone’,” the FBI explained.
“Although this tactic has only been observed recently, it has been highly effective and has resulted in multiple compromises.”
Once the group exfiltrates the confidential data from the target system, it leaves a ransom note, threatening to sell or leak the data online unless a payment is made. To put victims under more pressure, the threat actors also call them on the phone.
Silent Ransom Group is also known as Luna Moth, Chatty Spider or UNC3753. It has been active since 2022, but turned more towards US law firms in the spring of 2023. According to BleepingComputer, the group was behind the BazaCall campaigns that provided Ryuk ransomware operators with initial access to some of their victims. The group formed after Conti dissolved in March 2022.
To defend against phishing, the FBI advises companies to use strong passwords, 2FA and robust backup solutions.
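
One way to hunt for the exfiltration tooling the FBI describes (WinSCP, or a renamed copy of Rclone) in process-creation logs, added here as an example and not taken from the FBI notice or BleepingComputer. It assumes events shaped like Sysmon Event ID 1, where `Image` is the on-disk path and `OriginalFileName` comes from the binary's version information; the sample events, paths, process IDs and watchlist values are constructed assumptions.

```python
import ntpath
import re

# Assumption: PE version-info names for the two tools named in the notice.
# Confirm them against the binaries in your own environment.
WATCHED = {"rclone.exe": "Rclone", "winscp.exe": "WinSCP"}

# Heuristic: an rclone-style transfer verb followed by a "remote:path" target.
# Two or more characters before the colon, so drive letters (C:) do not match.
RCLONE_XFER = re.compile(r"\s(copy|sync|move)\s.*\s[\w-]{2,}:\S*", re.I)

def classify(event):
    """Return (rule, tool) for one process-creation event, or None."""
    image = ntpath.basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").lower()
    tool = WATCHED.get(original) or WATCHED.get(image)
    if original in WATCHED and image != original:
        return ("renamed", tool)      # on-disk name hides the real tool
    if tool:
        return ("present", tool)      # tool under its own name; check allowlist
    if RCLONE_XFER.search(event.get("CommandLine", "")):
        return ("rclone-like-cmdline", "Rclone")  # version info stripped or absent
    return None

def scan(events):
    """Return [(ProcessId, rule, tool)] for every event that matches a rule."""
    hits = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            hits.append((ev.get("ProcessId"), *verdict))
    return hits

# Constructed sample events (not real telemetry), Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\ProgramData\svchost.exe",
     "OriginalFileName": "rclone.exe",
     "CommandLine": r'"C:\ProgramData\svchost.exe" copy D:\Clients remote1:backup'},
    {"ProcessId": 5312, "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "OriginalFileName": "winscp.exe", "CommandLine": "WinSCP.exe"},
    {"ProcessId": 6020, "Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "CommandLine": r"notepad.exe C:\notes.txt"},
    {"ProcessId": 6644, "Image": r"C:\Users\Public\updater.exe",
     "OriginalFileName": "-",
     "CommandLine": r"updater.exe sync C:\Matters backup-remote:matters"},
]

if __name__ == "__main__":
    for pid, rule, tool in scan(SAMPLE_EVENTS):
        print(f"pid={pid} rule={rule} tool={tool}")
```

The `present` rule is only useful where neither tool is part of normal operations; otherwise pair it with an allowlist of approved hosts and users.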
Via BleepingComputer