TechRadar
Sead Fadilpašić

FBI warns legal firms of Luna Moth extortion attacks where hackers will call their office


  • The FBI is warning US law firms of ongoing attacks
  • The crooks trick employees into granting access
  • They exfiltrate sensitive data and then threaten to release it

Law firms in the US should be on the lookout for highly sophisticated phishing attacks coming from the Silent Ransom Group, the FBI is warning.

In a recent Private Industry Notification, the FBI said the group, which also targets other industries, has increased its focus on US law firms, and that it has also shifted its tactics slightly.

The FBI says that over the last couple of months, the group has started impersonating employees of the target law firm, posing as a member of the IT department and sending an email that asks the victim to join a remote access session, with the claim that the work needs to be done overnight.

Chatty Spider

“Once in the victim’s device, a typical SRG attack involves minimal privilege escalation and quickly pivots to data exfiltration conducted through ‘WinSCP’ (Windows Secure Copy) or a hidden or renamed version of ‘Rclone,’” the FBI explained.

“Although this tactic has only been observed recently, it has been highly effective and resulted in multiple compromises.”
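
The tools named in the notification, WinSCP and a hidden or renamed Rclone, can be hunted for in process-creation telemetry by comparing the file name on disk with the original name embedded in the binary. The following Python example is added here and is not part of the FBI notification or the original article; it assumes Sysmon-style event fields (`Computer`, `Image`, `OriginalFileName`), assumes the embedded original names are `rclone.exe` and `winscp.exe`, and runs over constructed sample events.

```python
import ntpath

# Assumption: the names each tool records as OriginalFileName in its PE version resource.
WATCHED = {"rclone.exe": "Rclone", "winscp.exe": "WinSCP"}


def classify(event):
    """Return (tool, reason) for one process-creation event, or None if unrelated."""
    original = (event.get("OriginalFileName") or "").lower()
    image = ntpath.basename(event.get("Image") or "").lower()
    if original in WATCHED:
        # File name on disk disagrees with the embedded metadata: the binary was renamed.
        reason = "executed" if image == original else "renamed binary"
        return WATCHED[original], reason
    if image in WATCHED:
        # Metadata absent or altered; only the file name points at the tool.
        return WATCHED[image], "file name match only"
    return None


def hunt(events):
    """Return (host, tool, reason, image path) for every event that matches."""
    findings = []
    for event in events:
        verdict = classify(event)
        if verdict:
            findings.append((event.get("Computer"), *verdict, event.get("Image")))
    return findings


# Constructed sample events (hypothetical hosts and paths, not from any real incident).
SAMPLE_EVENTS = [
    {"Computer": "WS-014", "Image": r"C:\Program Files\Example\editor.exe",
     "OriginalFileName": "editor.exe"},
    {"Computer": "WS-014", "Image": r"C:\Users\Public\updater.exe",
     "OriginalFileName": "rclone.exe"},
    {"Computer": "WS-022", "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "OriginalFileName": "winscp.exe"},
    {"Computer": "WS-031", "Image": r"C:\Temp\rclone.exe", "OriginalFileName": "-"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

WinSCP is also a legitimate administration tool, so an "executed" finding is a prompt to compare against the hosts where it is expected, while "renamed binary" deserves immediate attention.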

Once the group exfiltrates sensitive data from the target system, it leaves a ransom message threatening to sell or leak the data online unless a payment is made. To put victims under even more pressure, the threat actors also call them on the phone.

Silent Ransom Group is also known as Luna Moth, Chatty Spider, or UNC3753. It’s been active since 2022, but pivoted more towards US law firms in spring 2023. According to BleepingComputer, the group was behind the BazarCall campaigns that gave Ryuk and Conti ransomware operators initial access to some of their victims. The group was formed after Conti disbanded in March 2022.

To defend against phishing, the FBI advises companies to use strong passwords, 2FA, and solid backup solutions.

Via BleepingComputer
