Subj : FBI warns legal firms of
To   : All
From : Mike Powell
Date : Wed May 28 2025 08:23 am

FBI warns legal firms of Luna Moth extortion attacks where hackers will call
their office

Date:
Tue, 27 May 2025 13:34:00 +0000

Description:
Hackers are stealing files and then threatening to release them unless a
payment is made.

FULL STORY

Law firms in the US should be on the lookout for highly sophisticated
phishing attacks coming from the Silent Ransom Group, the FBI is warning.

In a recent Private Industry Notification , the FBI said the group, which
also targets other industries, has increased its focus on US law firms - and
that it has also shifted its tactics slightly as well.

The FBI says over the last couple of months, the group started impersonating
employees of the target law firm, posing as a member of the IT department to
send an email asking the victim to join a remote access session, stating the
work they needed to do was to be conducted overnight.

Chatty Spider

Once in the victims device, a typical SRG attack involves minimal privilege
escalation and quickly pivots to data exfiltration conducted through WinSCP
(Windows Secure Copy) or a hidden or renamed version of Rclone, the FBI
explained.

Although this tactic has only been observed recently, it has been highly
effective and resulted in multiple compromises.

Once the group exfiltrates sensitive data from the target system, they will
leave a ransom message, threatening to sell or leak the data online, unless a
payment is made. To put the victims under even more pressure, the threat
actors will call them on the phone, as well.

Silent Ransom Group is also known as Luna Moth, Chatty Spider, or UNC3753.
Its been active since 2022, but pivoted more towards US law firms in spring
2023. According to BleepingComputer , the group was behind the BazarCall
campaigns that gave Ryuk and Conti ransomware operators initial access to
some of their victims. The group was formed after Conti disbanded in March
2022.

To defend against phishing, the FBI advises companies to use strong
passwords, 2FA, and solid backup solutions.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/fbi-warns-legal-firms-of-luna-moth-exto
rtion-attacks-where-hackers-will-call-their-office

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.