FBI warns law firms of Luna Moth extortion attacks in which hackers call their offices
- The FBI warns American law firms about ongoing attacks
- The crooks trick employees into granting access
- They exfiltrate sensitive data and then threaten to release it
Law firms in the US must be on the lookout for highly advanced phishing attacks from the Silent Ransom Group, the FBI warns.
In a recent private industry report, the FBI said that the group, which also targets other industries, has increased its focus on American law firms, and that it has also shifted its tactics somewhat.
The FBI says that in recent months the group has been approaching employees of the targeted law firm, posing as a member of the IT department, and sending an email asking the victim to join a remote access session, saying that the work they need to do will be performed at night.
“Once on the victim’s device, a typical SRG attack includes minimal escalation of privileges and quickly moves on to data exfiltration performed via ‘WinSCP’ (Windows Secure Copy) or a hidden or renamed version of ‘Rclone’,” the FBI explained.
“Although this tactic was only recently observed, it has been very effective and resulted in several compromises.”
As soon as the group has exfiltrated sensitive data from the target system, it leaves a ransom message threatening to sell or leak the data online unless a payment is made. To put pressure on the victims, the threat actors will also call them on the phone.
Silent Ransom Group is also known as Luna Moth, Chatty Spider or UNC3753. It has been active since 2022, but turned more to American law firms in the spring of 2023. According to BleepingComputer, the group was behind the BazarCall campaigns that gave Ryuk and Conti ransomware operators initial access to some of their victims. The group was formed after Conti was dissolved in March 2022.
To defend themselves against phishing, the FBI advises companies to use strong passwords, 2FA and solid backup solutions.
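The FBI's description of exfiltration through WinSCP or a hidden or renamed Rclone lends itself to a process-creation check. The sketch below is an added example, not taken from the FBI report: it assumes Sysmon Event ID 1 field names, assumes the tools' PE OriginalFileName values are `rclone.exe` and `winscp.exe`, and runs over constructed sample events with hypothetical host names and paths.

```python
import ntpath
import re

# Assumed PE OriginalFileName values for the two tools named in the FBI quote.
KNOWN_TOOLS = {"rclone.exe": "Rclone", "winscp.exe": "WinSCP"}
# Rclone subcommands plus rclone options; a fallback for binaries with stripped metadata.
RCLONE_ARGS = re.compile(
    r"\s(copy|sync|move)\s.*--(config|transfers|bwlimit|no-check-certificate)\b", re.I)

def classify(event):
    """Return a reason string if the event looks like WinSCP/Rclone use, else None."""
    image = ntpath.basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").lower()
    if original in KNOWN_TOOLS:
        tool = KNOWN_TOOLS[original]
        if image != original:
            # File name on disk does not match the name embedded in the binary.
            return f"renamed {tool} (running as {image})"
        return f"{tool} executed"
    if image in KNOWN_TOOLS:
        return f"{KNOWN_TOOLS[image]} executed"
    if RCLONE_ARGS.search(event.get("CommandLine", "")):
        return f"rclone-style arguments under {image}"
    return None

def triage(events):
    """Return (host, reason) pairs for every event worth an analyst's attention."""
    return [(e["Host"], reason) for e in events if (reason := classify(e))]

# Constructed sample events (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    {"Host": "WS-014", "Image": r"C:\Users\jdoe\AppData\Local\Temp\svchost32.exe",
     "OriginalFileName": "rclone.exe",
     "CommandLine": r"svchost32.exe copy C:\Matters remote:bk --transfers 16"},
    {"Host": "WS-022", "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "OriginalFileName": "winscp.exe", "CommandLine": "WinSCP.exe /console"},
    {"Host": "WS-031", "Image": r"C:\ProgramData\upd.exe", "OriginalFileName": "",
     "CommandLine": r"upd.exe sync D:\Clients r:x --config C:\ProgramData\u.conf"},
    {"Host": "WS-040", "Image": r"C:\Windows\System32\robocopy.exe",
     "OriginalFileName": "robocopy.exe", "CommandLine": r"robocopy C:\a D:\b /copy:DAT"},
]

if __name__ == "__main__":
    for host, reason in triage(SAMPLE_EVENTS):
        print(host, reason)
```

In an environment where staff legitimately use WinSCP, the plain "executed" hits need an allowlist of approved hosts or users; the renamed-binary and argument-pattern hits do not.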