The FBI issued a warning about the Silent Ransom Group (SRG), which is targeting U.S. law firms through callback phishing and social engineering attacks. SRG, also known as Luna Moth, Chatty Spider, and UNC3753, has been active since 2022 and demands ransoms in exchange for not leaking the sensitive information it has stolen. The group impersonates IT support to gain access to networks, exfiltrates data using WinSCP or Rclone, and pressures employees into ransom negotiations. The FBI advises strong passwords, two-factor authentication, regular backups, and phishing detection training to defend against such attacks.
TPRM report: https://scoringcyber.rankiteo.com/company/best-law-firms
"id": "bes311052325",
"linkid": "best-law-firms",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "",
"explanation": "Attack which causes data leak of customer information ( only if no ransomware )"
{'affected_entities': [{'customers_affected': None,
                        'industry': 'Legal',
                        'location': 'United States',
                        'name': 'U.S. Law Firms',
                        'size': None,
                        'type': 'Legal'}],
 'attack_vector': ['Callback Phishing', 'Social Engineering'],
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Sensitive Information']},
 'date_detected': '2022-03-01',
 'description': 'The FBI warned that an extortion gang known as the Silent '
                'Ransom Group has been targeting U.S. law firms over the last '
                'two years in callback phishing and social engineering '
                'attacks. Also known as Luna Moth, Chatty Spider, and UNC3753, '
                'this threat group has been active since 2022 and was also '
                'behind BazarCall campaigns that provided initial access to '
                'corporate networks for Ryuk and Conti ransomware attacks. In '
                "March 2022, following Conti's shutdown, the threat actors "
                'separated from the cybercrime syndicate and formed their own '
                'operation called Silent Ransom Group (SRG). In recent '
                "attacks, SRG impersonates the targets' IT support in email, "
                'fake sites, and phone calls using social engineering tactics '
                "to gain access to the targets' networks. This extortion group "
                "doesn't encrypt the victims' systems and is known for "
                'demanding ransoms not to leak sensitive information stolen '
                'from compromised devices online.',
 'impact': {'data_compromised': ['Sensitive Information']},
 'initial_access_broker': {'entry_point': ['Email',
                                           'Fake Sites',
                                           'Phone Calls'],
                           'high_value_targets': ['Legal and Financial '
                                                  'Institutions']},
 'lessons_learned': 'Using robust passwords, enabling two-factor '
                    'authentication for all employees, making regular data '
                    'backups, and conducting staff training on detecting '
                    'phishing attempts.',
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'corrective_actions': 'Increased security '
                                                  'awareness training, robust '
                                                  'passwords, two-factor '
                                                  'authentication, regular '
                                                  'data backups',
                            'root_causes': 'Social Engineering and Callback '
                                           'Phishing'},
 'ransomware': {'data_exfiltration': True,
                'ransom_demanded': ['1-8 million USD']},
 'recommendations': 'Using robust passwords, enabling two-factor '
                    'authentication for all employees, making regular data '
                    'backups, and conducting staff training on detecting '
                    'phishing attempts.',
 'references': [{'date_accessed': '2023-10-13',
                 'source': 'FBI Private Industry Notification',
                 'url': None},
                {'date_accessed': '2023-10-13',
                 'source': 'EclecticIQ Report',
                 'url': None}],
 'response': {'law_enforcement_notified': True},
 'threat_actor': 'Silent Ransom Group (SRG)',
 'title': 'Silent Ransom Group Targeting U.S. Law Firms',
 'type': 'Extortion'}