FBI Warns of Surge in Social Engineering Attacks Targeting U.S. Law Firms

Silent Ransom Group exploiting remote access tools for data theft and extortion


The FBI’s Internet Crime Complaint Center (IC3) has issued a critical cybersecurity advisory warning businesses—particularly legal firms—of an escalating campaign of social engineering and data extortion led by a threat actor known as the Silent Ransom Group (SRG). Also identified by cybersecurity firms as Luna Moth, Chatty Spider, or UNC3753, the group has refined its methods to bypass traditional defenses and exploit remote access tools for financial gain.

Since spring 2023, SRG has systematically targeted law firms and other professional services through phishing campaigns and voice-based social engineering (vishing), gaining unauthorized access to sensitive internal systems and client data. According to the FBI’s bulletin dated May 23, 2025, these attacks are designed to extract data, followed by extortion attempts with threats to publish or sell the stolen information.

Tactics and Techniques
Initially, SRG lured victims through phishing emails impersonating legitimate subscription services (e.g., antivirus or cloud software providers), urging them to cancel fake subscriptions via a phone call. Once contact was made, victims were instructed to install remote access software such as Atera, AnyDesk, or Zoho Assist under the pretense of resolving the issue.

More recently, SRG has shifted tactics by cold-calling firm employees directly, posing as internal IT staff. In these scenarios, employees are persuaded to install remote access tools for supposed system maintenance or updates. Once inside the network, SRG uses legitimate file transfer utilities like WinSCP and Rclone to exfiltrate gigabytes of sensitive documents.

Extortion Phase
Upon successful data theft, SRG sends ransom notes via email, often followed by phone calls, threatening to release the stolen data unless payment is made. The group has demonstrated a sophisticated understanding of corporate structure, leveraging personal details in communications to amplify psychological pressure on victims.

FBI Recommendations
In its advisory, the FBI urges all businesses—especially legal and professional service firms—to implement the following measures:

  • Establish strict protocols for verifying internal IT requests.
  • Conduct regular phishing awareness and cybersecurity training for staff.
  • Limit and monitor the use of remote access software.
  • Enforce multi-factor authentication (MFA) across all systems.
  • Maintain regular, encrypted data backups stored offline.


The FBI emphasizes that Silent Ransom Group’s use of commercially available tools and socially engineered entry points makes their attacks especially difficult to detect and prevent. Proactive defense, employee vigilance, and clear internal procedures remain the best line of protection against this evolving cyber threat.
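
One way to act on the recommendation to limit and monitor remote access software, as an added example that is not part of the FBI advisory or this article: the Python below correlates process-creation events, flagging remote access tools that are not on a sanctioned list and file transfer utilities that start on the same host afterwards. The event fields, the file-name substrings and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Substrings matched against the executable file name. Assumed spellings for the
# tools named in the advisory; adjust to the binaries in your software inventory.
REMOTE_ACCESS = ("atera", "anydesk", "zoho")
TRANSFER = ("winscp", "rclone")


def classify(image):
    """Return 'remote_access', 'transfer' or None for a process image path."""
    name = PureWindowsPath(image).name.lower()
    if any(k in name for k in REMOTE_ACCESS):
        return "remote_access"
    if any(k in name for k in TRANSFER):
        return "transfer"
    return None


def correlate(events, sanctioned=frozenset(), window=timedelta(hours=24)):
    """Flag unsanctioned remote access tools, and transfer tools that start
    on the same host within `window` after one was seen."""
    alerts, last_remote = [], {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        host, when = ev["host"], datetime.fromisoformat(ev["time"])
        name = PureWindowsPath(ev["image"]).name.lower()
        kind = classify(ev["image"])
        if kind == "remote_access" and name not in sanctioned:
            last_remote[host] = when
            alerts.append((host, "unsanctioned_remote_access", name))
        elif kind == "transfer" and host in last_remote:
            if when - last_remote[host] <= window:
                alerts.append((host, "transfer_after_remote_access", name))
    return alerts


# Constructed sample process-creation events (not real telemetry).
SAMPLE = [
    {"host": "WS-014", "time": "2025-05-20T09:12:00", "image": r"C:\Users\jdoe\Downloads\AnyDesk.exe"},
    {"host": "WS-014", "time": "2025-05-20T09:47:00", "image": r"C:\Users\jdoe\AppData\Local\Temp\rclone.exe"},
    {"host": "WS-022", "time": "2025-05-20T10:05:00", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe"},
    {"host": "WS-031", "time": "2025-05-20T11:00:00", "image": r"C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"},
    {"host": "WS-031", "time": "2025-05-20T11:30:00", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe"},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE, sanctioned={"ateraagent.exe"}):
        print(alert)
```

A file name on the sanctioned list suppresses both alert types for that tool, so the list should contain only the remote access software the firm actually deploys.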

For full details, the official FBI advisory can be found at IC3.gov.

May 23, 2025 – Washington, D.C.

Sources: https://www.ic3.gov/CSA/2025/250523.pdf , TV503.com
