As scams and cyber attacks grow increasingly sophisticated, a new breed of hacker is taking things one step further.
According to a new report by Mandiant and Google Threat Intelligence Group, a cybercriminal ransomware group known as Silent Ransom Group has taken an unusually aggressive approach against law firms by dispatching fake IT workers to victims’ offices. Once there, they steal data directly from the company’s computers through USB drives or by gaining remote access.
Silent Ransom Group, also known as Luna Moth, Chatty Spider, and UNC3753, emerged in March 2022 following the collapse of the Conti ransomware syndicate. Unlike traditional ransomware operations, the group doesn’t deploy encrypting malware. Instead, it relies on social engineering, legitimate remote management tools, and, in some cases, physical intrusions to steal data and extort high-value targets.
“Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management utilities,” the report read.
Once inside the system, the group either pulls sensitive data directly or coerces victims into doing it for them by threatening to release everything, including proprietary legal agreements, personal records, and financial documents, if their demands aren’t met.
“In case of ignorance or no agreement, We will notify your employees, partners and customers, after which We will publish your data,” one hacker reportedly wrote to a victim.
Beyond physical intrusions, the hackers also lean on more familiar tactics like phishing emails, follow-up phone calls, and social engineering, frequently posing as the company’s own IT support.
Charles Carmakal, Mandiant’s chief technology officer, told TechCrunch that this kind of tactic is not unheard of. “Mandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks,” he said.
Authorities have been tracking the group for some time, having issued a similar warning last year before releasing the most recent alert last month.
In this alert, the FBI warned that the same group has been targeting law firms by posing as IT workers since 2023.
Additionally, this report noted the presence of a number of specialised tactics, including the unauthorised installation of remote access tools or USB drives, unusual data transfers to cloud services or external servers, and unidentified individuals claiming to be IT support attempting to access company computers. Victims may also receive emails, calls, or voicemails claiming data has been stolen, and clients may be contacted directly with the same claim.
These cases serve as a reminder that the threat landscape is no longer confined to the digital world. Organizations may need to rethink security from the inbox all the way to the front door. – Inc/TNS
