FBI warns of cybercriminals impersonating IT staff to breach law firms
The FBI is warning that a cybercrime group increasingly targeting law firms is using fake IT support calls — and even in-person visits — to gain access to sensitive legal data and extort victims.
In a May 26 advisory, the FBI said the Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, has “consistently targeted U.S.-based law firms,” likely because of the highly confidential nature of legal records.
The FBI says SRG actors have recently begun using social engineering schemes to pose as employees from victims’ IT departments. The actors either call employees directly or send phishing emails urging recipients to contact someone posing as IT support.
“While on the phone, the SRG actor directs the employee to grant access to a remote desktop session,” the FBI said. “If that attempt fails, SRG sends a threat actor to the victim’s location to gain access and insert a storage device into the victim’s computer. In this scheme, the threat actor tells the victim they need to image the device or create a backup file to address potential impacts from the phishing email.”
The FBI said the tactic has proven effective and resulted in multiple compromises.
The cybercrime operation has been active since 2022 and initially became known for “callback phishing” schemes. Victims receive emails that appear to come from legitimate subscription services and include small fake charges that may not immediately raise suspicion. To dispute or cancel the charge, recipients are instructed to call a phone number that connects them to the attackers.
The attackers then persuade victims to install remote-access software, giving the group entry into a law firm’s systems. Once inside, the hackers search for sensitive information and exfiltrate data using legitimate file-transfer tools that may evade traditional antivirus detection, according to the FBI. The agency urged law firms to be alert for unauthorized downloads of remote-access programs, including Zoho Assist, Syncro, AnyDesk, Splashtop, and Atera.
The group then attempts to extort victims by threatening to release or sell stolen data online unless a ransom is paid.
To reduce risk, the FBI recommends that law firms verify the credentials of anyone seeking access to office space or computer systems, train staff to recognize phishing attempts, maintain regular backups, and require multifactor authentication for employees.
The agency also urged organizations to establish clear internal procedures outlining how legitimate IT personnel authenticate themselves to employees before requesting computer access.
