The FBI says Silent Ransom Group is targeting U.S. law firms by pretending to be IT support, then stealing data and extorting victims without encrypting files. In 2026 attacks, the group reportedly used callback phishing emails, phone-based social engineering, and remote desktop access, and in some cases sent an operative on site to insert a USB or external drive after a failed remote-access attempt. The attackers then used tools such as WinSCP and Rclone to exfiltrate data.
Ionut Arghire
2026.06.08
84% relevant
This updates the same underlying Silent Ransom Group campaign targeting U.S. law firms. It adds new reporting that the group is using DNS fast flux infrastructure, with compromised IoT/CPE devices across 18 countries and domains including ep6pheij[.]com and business-data-leaks[.]com, alongside the previously reported vishing, remote-access, and in-person USB tactics.
Lawrence Abrams
2026.06.07
96% relevant
This article covers the same Silent Ransom Group campaign against U.S. law firms and adds Mandiant’s technical details on the attack chain: invoice-themed precursor emails, follow-up fake IT support calls, use of Teams/Zoom/Quick Assist/Terminal Services, deployment of remote-management tools like AnyDesk and Zoho Assist, phishing domain patterns, use of Privnote, and rapid data theft and extortion timelines.
2026.06.05
96% relevant
This article covers the same underlying Silent Ransom Group/UNC3753 campaign and adds Mandiant reporting that dozens of banks, law firms, and professional-services firms were targeted from January through May 2026, that the group is also tracked as Luna Moth and Chatty Spider, and that Mandiant observed very rapid operations with data theft and extortion sometimes beginning within an hour.
2026.05.27
97% relevant
This article is a direct report on the same FBI advisory, adding detail that fresh in-person incidents were reported in Spring 2026 and describing the crew's tactics, including impersonating IT staff, using callback phishing, remote desktop access, WinSCP, disguised Rclone, and cloud file-sharing services to steal data for extortion.
2026.05.27
98% relevant
This article directly reports the same FBI advisory on Silent Ransom Group (also Luna Moth/UNC3753) targeting U.S. law firms with phishing, fake help-desk calls, remote-access social engineering, and in-person visits to copy data onto USB or hard drives. It adds context that the group is linked to the defunct Conti syndicate, has targeted law firms since 2023, and uses trusted tools and cloud services like OneDrive and Google Drive to blend in.
Sergiu Gatlan
2026.05.27
99% relevant
This article is the same underlying event: the FBI flash alert on Silent Ransom Group's in-person and remote social-engineering attacks against U.S. law firms. It adds detail that SRG first tries phone and phishing lures to obtain remote desktop access, then may dispatch someone on-site to connect USB or external drives if that fails, and reiterates links to Luna Moth/UNC3753 and prior callback-phishing activity.
Ionut Arghire
2026.05.27
100% relevant
This article appears to establish a distinct FBI-tracked development in Silent Ransom Group tradecraft: in-person operatives physically inserting devices to support data theft and extortion targeting law firms.