The FBI warns about the Silent Ransom Group (SRG), a threat actor employing social engineering and callback phishing to target law firms and exfiltrate sensitive data for extortion. The group has adapted its tactics to include vishing, making detection difficult, and organizations are advised to enhance their security measures. #SilentRansomGroup #LunaMoth #UNC3753 #callbackphishing #lawfirms
Keypoints
- SRG uses social engineering calls and callback phishing to access victim systems.
- The group primarily targets U.S.-based law firms due to sensitive legal industry data.
- Attack methods include remote access tools and minimal privilege escalation to exfiltrate data.
- Traditional antivirus detection is unlikely due to the use of legitimate management tools.
- Organizations should implement staff training, authentication policies, and two-factor authentication.
Read More: https://thecyberexpress.com/fbi-silent-ransom-group-advisory/