TZUTC: -0500
MSGID: 1155.consprcy@1:2320/105 2c9c48f0
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FBI warns legal firms of Luna Moth extortion attacks where hackers will call
their office

Date:
Tue, 27 May 2025 13:34:00 +0000

Description:
Hackers are stealing files and then threatening to release them unless a
payment is made.

FULL STORY

Law firms in the US should be on the lookout for highly sophisticated 
phishing attacks coming from the Silent Ransom Group, the FBI is warning. 

In a recent Private Industry Notification , the FBI said the group, which 
also targets other industries, has increased its focus on US law firms - and
that it has also shifted its tactics slightly as well. 

The FBI says over the last couple of months, the group started impersonating
employees of the target law firm, posing as a member of the IT department to
send an email asking the victim to join a remote access session, stating the
work they needed to do was to be conducted overnight.

Chatty Spider 

Once in the victims device, a typical SRG attack involves minimal privilege
escalation and quickly pivots to data exfiltration conducted through WinSCP
(Windows Secure Copy) or a hidden or renamed version of Rclone, the FBI
explained. 

Although this tactic has only been observed recently, it has been highly
effective and resulted in multiple compromises. 

Once the group exfiltrates sensitive data from the target system, they will
leave a ransom message, threatening to sell or leak the data online, unless a
payment is made. To put the victims under even more pressure, the threat
actors will call them on the phone, as well. 

Silent Ransom Group is also known as Luna Moth, Chatty Spider, or UNC3753. 
Its been active since 2022, but pivoted more towards US law firms in spring
2023. According to BleepingComputer , the group was behind the BazarCall
campaigns that gave Ryuk and Conti ransomware operators initial access to 
some of their victims. The group was formed after Conti disbanded in March
2022. 

To defend against phishing, the FBI advises companies to use strong 
passwords, 2FA, and solid backup solutions. 

 Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/fbi-warns-legal-firms-of-luna-moth-exto
rtion-attacks-where-hackers-will-call-their-office

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426