
FBI warns of cybercrime group targeting US law firms

Washington, May 27 (IANS) The FBI has warned that a cybercrime group is targeting US law firms by posing as internal IT staff through phone calls, phishing emails and even in-person visits to offices.

In a FLASH alert issued on May 26, the FBI said the Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider and UNC3753, has consistently targeted US-based law firms since Spring 2023.

The agency said the group uses social engineering tactics to gain access to company computers and steal sensitive data.

“SRG actors either directly call or send phishing emails to urge employees to call the SRG actor posing as IT support,” the FBI said. “While on the phone, the SRG actor directs the employee to grant access to a remote desktop session.”

The FBI said the group operates differently from traditional ransomware gangs because it does not mainly rely on encrypting systems. Instead, the attackers focus on “rapid access to victim systems, immediate data exfiltration, and extortion through threats of public disclosure or sale of stolen data.”

According to the alert, if remote access attempts fail, SRG actors may send someone physically to a victim company’s office.

“In this scheme, the threat actor tells the victim they need to image the device or create a backup file to address potential impacts from the phishing email,” the FBI said.

Once access is obtained, the group quickly steals company data using tools such as WinSCP or hidden versions of Rclone, the agency said. Investigators said the stolen data is often transferred through platforms such as Google Drive or Microsoft OneDrive.

The FBI said the attackers later use the stolen information to extort victims by threatening to publish or sell the data online. The agency also said SRG actors contact company employees or clients to pressure victims into ransom negotiations.

The alert identified several warning signs, including unauthorised downloads of remote access software such as Zoho Assist, AnyDesk, RustDesk, Splashtop and Atera. It also warned companies to watch for suspicious cloud data transfers, external hard drive installations and unsolicited calls from individuals claiming to work in IT support.
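As an added illustration (not taken from the FBI alert or this report), the Python sketch below shows how the warning signs above could be checked against process-creation events. The event fields, the approved-tool list, the sample events and the command-line heuristic for Rclone-style transfers are all assumptions made for the example.

```python
import re
from pathlib import PureWindowsPath

# Remote-access tools named in the alert, matched at the start of any path component.
RMM_KEYWORDS = ("zoho", "anydesk", "rustdesk", "splashtop", "atera")
# Assumption: the remote-access tools this organisation has approved.
APPROVED_RMM = {"splashtop"}
# Heuristic: Rclone-style transfers use copy/sync/move with a "remote:path" argument.
# Two or more characters before the colon, so drive letters such as C: never match.
RCLONE_VERB = re.compile(r"\s(copy|sync|move)\s", re.I)
RCLONE_REMOTE = re.compile(r"(?:^|\s)([A-Za-z0-9_-]{2,}):(?!//)")

def triage(event):
    """Return the findings for one process-creation event (Image, CommandLine)."""
    path = PureWindowsPath(event["Image"].lower())
    cmd = event["CommandLine"]
    findings = []
    for kw in RMM_KEYWORDS:
        if kw not in APPROVED_RMM and any(p.startswith(kw) for p in path.parts):
            findings.append(f"unapproved remote access tool: {kw}")
    if path.stem == "winscp":
        findings.append("file transfer tool: winscp")
    remote = RCLONE_REMOTE.search(cmd)
    if remote and RCLONE_VERB.search(cmd):
        # Report the binary name as seen, so a copy under an unexpected name still surfaces.
        findings.append(f"rclone-style transfer by {path.name} to remote '{remote.group(1)}'")
    return findings

# Constructed sample events, not taken from the alert or from any real incident.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\jdoe\Downloads\AnyDesk.exe",
     "CommandLine": r'"C:\Users\jdoe\Downloads\AnyDesk.exe"'},
    {"Image": r"C:\Program Files\Splashtop\SRService.exe",
     "CommandLine": r'"C:\Program Files\Splashtop\SRService.exe"'},
    {"Image": r"C:\ProgramData\updater.exe",
     "CommandLine": r"C:\ProgramData\updater.exe copy D:\Matters gdrive:backup --config C:\ProgramData\rc.conf"},
    {"Image": r"C:\Users\jdoe\AppData\Local\Temp\WinSCP.exe",
     "CommandLine": r"C:\Users\jdoe\AppData\Local\Temp\WinSCP.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"C:\Windows\System32\cmd.exe /c copy report.docx D:\backup"},
]

def run(events=SAMPLE_EVENTS):
    """Triage every event and return one findings list per event."""
    return [triage(e) for e in events]

if __name__ == "__main__":
    for event, findings in zip(SAMPLE_EVENTS, run()):
        print(event["Image"], "->", findings or "no finding")
```

Findings from a heuristic like this are leads for an analyst to confirm, since legitimate administration can also produce them.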

The FBI urged organisations to strengthen cyber hygiene measures, including staff training, regular backups and phishing-resistant multi-factor authentication.

The agency also recommended verifying the identity of all visitors accessing company premises and limiting remote access permissions on systems handling sensitive data.

–IANS

lkj/rs