- FBI warned about Silent Ransom Group (SRG), a threat actor impersonating IT staff to steal files and plant malware directly at victim offices
- SRG, also known as Luna Moth/Chatty Spider/UNC3753, primarily targets US law firms, starting with vishing calls and escalating to in‑person intrusions with external drives
- Active since 2022 and linked to BazarCall, Conti, and Ryuk campaigns, SRG extorts victims via ransom emails, pressure calls, and a leak site naming and shaming non‑payers
The Federal Bureau of Investigation (FBI) is warning about hackers showing up at people’s offices, pretending to be IT support. They sit at people’s desks, pull all sensitive files into an external drive and leave malware behind, all while pretending to be fixing a technical problem.
In a newly released flash alert, the FBI says this cheeky attack is being done by a threat actor calling itself the Silent Ransom Group (SRG). This threat actor, active for roughly four years now, starts their attack with a phone call.
They mostly target US-based law firms and first try to get the victim to install a remote desktop management solution and grant them access. If that attempt fails, they will come, in person, carrying flash drives, external disks, and other equipment needed to execute the attack. Once they steal the files, they’ll quietly escalate privileges and step away, engaging in extortion at a later date:
Chatty Spider
“By sending someone in-person to the victim’s location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim’s computer,” the FBI explained. “SRG actors use the exfiltrated victim data to extort the victim by sending a ransom email threatening to sell or post the data online. SRG actors also call employees or clients of a victim company to pressure the victim to begin ransom negotiations.”
Finally, the crooks have their own data leak website where they name-and-shame, in order to pressure the victims into paying the ransom demand.
SRG is also known as Luna Moth, Chatty Spider, and UNC3753, the FBI further explained. The group was first seen back in 2022, and while it struck organizations in different industries, it is primarily focused on law firms in the US. According to BleepingComputer, this group was previously linked to BazarCall campaigns, as well as Conti and Ryuk ransomware incidents.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
Click Here For The Original Source.
