FBI Warns Law Firms of Rising Cyber Threats from Silent Ransom Group

The Federal Bureau of Investigation (FBI) has issued a stark warning to law firms across the United States about a significant rise in cyber threats traced to a group known as the Silent Ransom Group (SRG). This group, also referred to as Luna Moth or Chatty Spider, has ramped up its attacks on the legal sector since early 2023, employing both phishing emails and social engineering calls to breach sensitive legal data.

Active since 2022, SRG has previously targeted industries such as healthcare and insurance. However, it appears to have shifted its focus primarily to law firms because of the confidential information these firms manage. The FBI alerted the public in November 2023 to SRG’s sophisticated use of callback phishing to infiltrate networks.

SRG’s tactics are alarmingly simple yet effective. The group sends emails that imitate subscription services and claim questionable charges to create urgency, encouraging recipients to call a provided phone number. During these calls, victims are led to download remote access software, giving the attackers unfettered access to the firms’ systems. Recently, SRG has escalated its methods by contacting employees directly, posing as members of the company’s own IT department and encouraging them to join remote sessions, further compromising security.

Once inside the systems, SRG uses tools like WinSCP and disguised versions of Rclone to stealthily extract sensitive information. The group then sends ransom demands threatening to sell or release the stolen data. The FBI has emphasized growing concern over this group’s activities, which coincides with the Cofense Intelligence report that highlighted the misuse of Remote Access Tools (RATs) by criminal groups.

Law firms have become prime targets not only for their lucrative financial information but also for the potential reputational damage a breach can cause. Criminal tactics targeting these entities are becoming more prevalent, with reports as far back as April 2022 detailing scammers using AI-generated imagery to fabricate law firm identities.

To combat this escalating threat, the FBI is calling on network administrators to remain vigilant. Administrators should monitor for unusual downloads of remote access applications like Zoho Assist, AnyDesk, Splashtop, and Atera, while also being alert to unexpected emails about subscription renewals or unsolicited contact from individuals claiming to be IT staff. The FBI advises strengthening basic cybersecurity measures, including training employees to identify phishing attempts and following clear internal policies for IT communication.
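
The monitoring advice above, together with the earlier note about WinSCP and disguised Rclone, can be turned into a simple triage pass over process-creation telemetry. This is an added example, not code from the FBI or the article; the record layout (`host`, `image`, and an `original_name` field carrying the name stored in the binary's version info, as Sysmon's OriginalFileName does), the keyword matching, and all sample records are assumptions constructed for illustration.

```python
import ntpath

# Tool names are the ones the article lists; matching them as lowercase
# substrings of the file name is an assumption and will need tuning.
REMOTE_ACCESS = ("zoho", "anydesk", "splashtop", "atera")
TRANSFER = ("winscp", "rclone")

def classify(event):
    """Return finding codes for one process-creation record."""
    path = event["image"].lower()
    image = ntpath.basename(path)
    # Name embedded in the binary's version info; survives a file rename.
    original = (event.get("original_name") or "").lower()
    findings = []
    for kw in REMOTE_ACCESS:
        if kw in image or kw in original:
            findings.append(f"remote_access:{kw}")
    for kw in TRANSFER:
        if kw in image or kw in original:
            findings.append(f"transfer:{kw}")
        if kw in original and kw not in image:
            findings.append(f"renamed:{kw}")
    # A listed tool started from a user profile suggests a fresh download
    # rather than an IT-managed install.
    if findings and "\\users\\" in path:
        findings.append("user_path")
    return findings

def triage(events):
    """Keep only the records that produced at least one finding."""
    hits = []
    for e in events:
        found = classify(e)
        if found:
            hits.append((e["host"], e["image"], found))
    return hits

# Constructed sample records, not taken from any real incident.
SAMPLE_EVENTS = [
    {"host": "WS-014", "image": r"C:\Users\jdoe\Downloads\AnyDesk.exe", "original_name": "AnyDesk.exe"},
    {"host": "WS-014", "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "original_name": "WinWord.exe"},
    {"host": "WS-014", "image": r"C:\Users\jdoe\AppData\Local\Temp\backup-helper.exe", "original_name": "rclone.exe"},
    {"host": "FS-002", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "original_name": "winscp.exe"},
]

if __name__ == "__main__":
    for host, image, found in triage(SAMPLE_EVENTS):
        print(host, image, ", ".join(found))
```

A hit on an IT-approved install, such as the WinSCP record here, is expected; the `renamed` and `user_path` codes are the ones that warrant a call to the user.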