The FBI has issued a warning to US law firms about a persistent cyber extortion campaign being carried out by a threat group known as the Silent Ransom Group (SRG), also referred to as Luna Moth, Chatty Spider, and UNC3753. Active since 2022, the group has been using sophisticated callback phishing and social engineering tactics to infiltrate corporate networks.
According to a private industry notification released last week, SRG has been targeting legal and financial institutions by impersonating IT support personnel via email, fake websites, and phone calls. Once a victim engages, attackers direct them to initiate remote access sessions under the guise of resolving technical issues.
“Once in the victim’s device, a typical SRG attack involves minimal privilege escalation and quickly pivots to data exfiltration conducted through ‘WinSCP’ (Windows Secure Copy) or a hidden or renamed version of ‘Rclone.’ If the compromised device does not have administrative privileges, WinSCP portable is used to exfiltrate victim data,” the FBI said. “Although this tactic has only been observed recently, it has been highly effective and resulted in multiple compromises.”
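One way to hunt for the exfiltration tooling described above, shown as an added example that is not part of the FBI notification or this article: it checks Sysmon Event ID 1 style process-creation records for Rclone or WinSCP running under a different file name or from outside a managed install path. The version-resource names, the managed directories and the sample events are assumptions constructed for illustration; verify them against the binaries and paths in your own environment.

```python
import ntpath

# Assumed OriginalFileName values from each tool's version resource (verify locally).
WATCHED = {"rclone.exe": "Rclone", "winscp.exe": "WinSCP"}
# Directories treated as a managed install location (assumption for this example).
MANAGED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

def classify(event):
    """Return findings for one process-creation record (Sysmon Event ID 1 fields)."""
    image = event.get("Image", "")
    original = event.get("OriginalFileName", "").lower()
    tool = WATCHED.get(original)
    if tool is None:
        return []
    findings = []
    # A renamed binary keeps its embedded OriginalFileName but not its on-disk name.
    if ntpath.basename(image).lower() != original:
        findings.append(f"{tool} running under a different file name")
    # Portable copies run from user-writable paths and need no admin rights.
    if not image.lower().startswith(MANAGED_DIRS):
        findings.append(f"{tool} running outside managed install path")
    return findings

def scan(events):
    """Return (image, findings) pairs for every record with at least one finding."""
    results = []
    for event in events:
        findings = classify(event)
        if findings:
            results.append((event["Image"], findings))
    return results

# Constructed sample records, not taken from any real incident.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\jdoe\AppData\Local\Temp\updater.exe",
     "OriginalFileName": "rclone.exe"},
    {"Image": r"C:\Users\jdoe\Downloads\WinSCP-Portable\WinSCP.exe",
     "OriginalFileName": "winscp.exe"},
    {"Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "OriginalFileName": "winscp.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE"},
]

if __name__ == "__main__":
    for image, findings in scan(SAMPLE_EVENTS):
        print(image, "->", "; ".join(findings))
```

A binary stripped of its version resource will not match on `OriginalFileName`, so pair this check with file-hash and outbound-transfer monitoring.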
Unlike traditional ransomware gangs, SRG does not encrypt systems. Instead, it steals sensitive files and demands ransom payments, sometimes as high as $8 million, to prevent data leaks. The group has also been known to apply pressure by phoning victims’ employees and by publishing data on its leak site, although not all threats of exposure are acted upon.
The cybercriminals behind SRG previously participated in the Ryuk and Conti ransomware operations via the BazarCall campaign. Following Conti’s shutdown in March 2022, the actors launched their own operation.