US law firms are facing a growing cyber threat as the FBI has warned about a cybercrime group using fake IT support tactics to gain access to sensitive company systems and data.
In a FLASH alert issued on May 26, the FBI said the Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider and UNC3753, has been actively targeting US-based law firms since spring 2023.
According to the agency, the group uses social engineering techniques, including phishing emails, phone calls and even physical office visits, to trick employees into providing remote access to company computers.
“SRG actors either directly call or send phishing emails to urge employees to call the SRG actor posing as IT support,” the FBI said. “While on the phone, the SRG actor directs the employee to grant access to a remote desktop session.”
Unlike traditional ransomware groups, SRG reportedly focuses less on encrypting systems and more on quickly stealing sensitive data and extorting organisations by threatening to publicly release or sell the stolen information.
The FBI also revealed that if remote access attempts fail, attackers may physically visit company offices claiming they need to inspect devices or create backup files after a phishing incident.
Once inside a system, the group allegedly steals company data using tools such as WinSCP and hidden versions of Rclone. Investigators said the stolen information is often transferred through platforms including Google Drive and Microsoft OneDrive.
The attackers later pressure victims into ransom negotiations and may even contact company employees or clients directly to increase pressure.
The FBI identified several warning signs, including unauthorised downloads of remote access software such as Zoho Assist, AnyDesk, RustDesk, Splashtop and Atera. The agency also advised organisations to monitor suspicious cloud transfers, external hard drive activity and unsolicited IT support calls.
To reduce risks, the FBI urged companies to strengthen cyber hygiene practices, implement phishing-resistant multi-factor authentication, conduct employee training and verify the identity of visitors accessing company premises.
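As an added illustration (not part of the FBI alert or of this article), the warning signs listed above can be turned into a simple triage pass over process-creation events. The event field names, the `approved` allowlist and the command-line heuristic for spotting a renamed Rclone binary are assumptions made for this sketch, and the sample events are constructed.

```python
import re

# Tool names taken from the warning signs and exfiltration tools named in the article.
REMOTE_ACCESS = ("zoho assist", "zohoassist", "anydesk", "rustdesk", "splashtop", "atera")
TRANSFER_TOOLS = ("winscp", "rclone")
# Assumption: an rclone verb, rclone flags and a "remote:path" target reveal a renamed binary.
RCLONE_FLAGS = re.compile(r"--(config|transfers|bwlimit|no-check-certificate)\b")
RCLONE_VERB = re.compile(r"\s(copy|sync|move)\s", re.I)
REMOTE_DEST = re.compile(r"\s[A-Za-z0-9_-]{2,}:[^\\\s]*(\s|$)")  # skips drive letters like C:\

def classify(event, approved=()):
    """Return finding labels for one process-creation event."""
    image = event["image"].lower()
    cmd = event["command_line"]
    findings = []
    for tool in REMOTE_ACCESS:
        if tool in image and tool not in approved:
            findings.append("remote-access-tool:" + tool)
    for tool in TRANSFER_TOOLS:
        if tool in image:
            findings.append("transfer-tool:" + tool)
    looks_like_rclone = (RCLONE_VERB.search(cmd) and RCLONE_FLAGS.search(cmd)
                         and REMOTE_DEST.search(cmd))
    if looks_like_rclone and "rclone" not in image:
        findings.append("renamed-rclone-suspected")
    return findings

# Constructed sample events; hosts, paths and arguments are invented for the example.
SAMPLE_EVENTS = [
    {"host": "WS-014", "image": r"C:\Users\jdoe\Downloads\AnyDesk.exe",
     "command_line": "AnyDesk.exe"},
    {"host": "WS-014", "image": r"C:\ProgramData\svc-helper.exe",
     "command_line": r"svc-helper.exe copy C:\Shares\Clients gdrive:backup "
                     r"--config C:\ProgramData\s.conf --transfers 16"},
    {"host": "WS-020", "image": r"C:\Windows\System32\robocopy.exe",
     "command_line": r"robocopy.exe C:\Data D:\Backup /MIR"},
    {"host": "WS-014", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "command_line": "WinSCP.exe"},
]

def triage(events, approved=()):
    """Map each host to the findings raised by its events."""
    report = {}
    for ev in events:
        hits = classify(ev, approved)
        if hits:
            report.setdefault(ev["host"], []).extend(hits)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Several findings on one host in a short window, such as a remote access tool followed by a transfer tool, match the sequence the alert describes and deserve a faster look than any single hit.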


