Daijiworld Media Network - Washington
Washington, May 27: The Federal Bureau of Investigation (FBI) has issued a fresh cybersecurity warning after identifying a cybercriminal group targeting law firms across the United States by impersonating internal IT support personnel through phone calls, phishing emails, and even physical office visits.
In a FLASH alert released on May 26, the FBI said the hacking group known as the Silent Ransom Group (SRG) — also tracked under the aliases Luna Moth, Chatty Spider, and UNC3753 — has been actively attacking US-based law firms since Spring 2023.

According to the agency, the group relies heavily on social engineering techniques rather than traditional ransomware methods to infiltrate organisations and steal confidential data.
The FBI explained that attackers either call employees directly or send phishing emails urging staff members to contact what appears to be the company’s IT support team. During these interactions, victims are persuaded to grant remote desktop access to the attackers.
“SRG actors either directly call or send phishing emails to urge employees to call the SRG actor posing as IT support,” the FBI stated in the advisory.
Unlike many ransomware groups that encrypt systems and demand payment for decryption, SRG primarily focuses on rapidly gaining access to systems, extracting sensitive information, and later extorting victims by threatening to leak or sell the stolen data online.
The agency also revealed a more alarming tactic used by the group. If remote access attempts are unsuccessful, individuals linked to the operation may physically visit company offices under the pretext of resolving technical issues.
In some cases, attackers reportedly claim they need to create backup files or inspect devices after a phishing incident in order to convince employees to hand over access.
Once inside a network, the cybercriminals allegedly use tools such as WinSCP and disguised versions of Rclone to quickly transfer company files. Investigators said stolen data is often uploaded through cloud platforms including Google Drive and Microsoft OneDrive.
The FBI warned that the attackers later pressure organisations into ransom negotiations by threatening public exposure of the stolen data. In some incidents, the group has also contacted employees or clients directly to intensify pressure on victims.
The alert highlighted several warning signs companies should watch for, including unexplained downloads of remote access software such as Zoho Assist, AnyDesk, RustDesk, Splashtop, and Atera, as well as suspicious cloud transfers, installation of external storage devices, and unsolicited IT support calls.
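The tools named above can be turned into a triage pass over process-creation logs, including the case where Rclone runs under another file name. The following Python is an added example, not part of the FBI alert or this report; the event field names, file-name tokens, command-line heuristic, host names and sample events are all constructed assumptions.

```python
import ntpath
import re

# Tool names come from the alert as reported above; the file-name tokens are assumptions.
REMOTE_ACCESS = ("zohoassist", "anydesk", "rustdesk", "splashtop", "ateraagent")
TRANSFER = ("winscp", "rclone")
# Assumed heuristic for Rclone's command-line shape: a subcommand followed by a common flag.
RCLONE_CMD = re.compile(r"\b(copy|sync|move)\b.*--(transfers|config|max-age)\b", re.I)


def classify(event):
    """Return a sorted list of findings for one process-creation event."""
    image = ntpath.basename(event["image"]).lower().replace(" ", "")
    original = event.get("original_file_name", "").lower()
    findings = set()
    if any(token in image for token in REMOTE_ACCESS):
        findings.add("remote-access-tool")
    if any(token in image for token in TRANSFER):
        findings.add("transfer-tool")
    # Disguised Rclone: the file name says one thing, metadata or arguments another.
    if "rclone" not in image and (
        original == "rclone.exe" or RCLONE_CMD.search(event.get("command_line", ""))
    ):
        findings.add("renamed-rclone")
    return sorted(findings)


def triage(events, approved=()):
    """Return (host, image, findings) for flagged events whose binary is not approved."""
    flagged = []
    for event in events:
        findings = classify(event)
        if findings and ntpath.basename(event["image"]).lower() not in approved:
            flagged.append((event["host"], event["image"], findings))
    return flagged


# Constructed sample events (hypothetical hosts, paths and fields).
SAMPLE_EVENTS = [
    {"host": "WS-014", "image": r"C:\Users\jdoe\Downloads\AnyDesk.exe",
     "original_file_name": "AnyDesk.exe", "command_line": "AnyDesk.exe"},
    {"host": "WS-014", "image": r"C:\ProgramData\svchost_update.exe",
     "original_file_name": "rclone.exe",
     "command_line": r"svchost_update.exe copy D:\Clients remote:drop --transfers 16"},
    {"host": "WS-020", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "original_file_name": "winscp.exe", "command_line": "WinSCP.exe"},
    {"host": "WS-031", "image": r"C:\Windows\System32\notepad.exe",
     "original_file_name": "NOTEPAD.EXE", "command_line": "notepad.exe"},
]

if __name__ == "__main__":
    for host, image, findings in triage(SAMPLE_EVENTS, approved=("winscp.exe",)):
        print(host, image, ", ".join(findings))
```

The `approved` list lets a firm that legitimately uses one of these tools suppress it by file name, while a renamed Rclone is still reported because that check does not depend on the file name.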
To reduce the risk of compromise, the FBI advised organisations to strengthen cybersecurity practices by conducting employee awareness training, maintaining regular system backups, and implementing phishing-resistant multi-factor authentication systems.
The agency also stressed the importance of verifying the identity of visitors entering company premises and restricting remote access privileges for systems handling sensitive or confidential information.