FBI Director Kash Patel speaks during a press conference after two National Guard members were shot near the White House in Washington, D.C., U.S., November 26, 2025. / REUTERS/Nathan Howard
The FBI has warned that a cybercrime group is targeting U.S. law firms by posing as internal IT staff through phone calls, phishing emails and even in-person visits to offices.
In a FLASH alert issued May 26, the FBI said the Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider and UNC3753, has consistently targeted U.S.-based law firms since spring 2023.
The agency said the group uses social engineering tactics to gain access to company computers and steal sensitive data.
"SRG actors either directly call or send phishing emails to urge employees to call the SRG actor posing as IT support," the FBI said. "While on the phone, the SRG actor directs the employee to grant access to a remote desktop session."
The FBI said the group operates differently from traditional ransomware gangs because it does not mainly rely on encrypting systems. Instead, the attackers focus on "rapid access to victim systems, immediate data exfiltration, and extortion through threats of public disclosure or sale of stolen data."
According to the alert, if remote access attempts fail, SRG actors may send someone physically to a victim company's office.
"In this scheme, the threat actor tells the victim they need to image the device or create a backup file to address potential impacts from the phishing email," the FBI said.
Once access is obtained, the group quickly steals company data using tools such as WinSCP or hidden versions of Rclone, the agency said. Investigators said the stolen data is often transferred through platforms such as Google Drive or Microsoft OneDrive.
The FBI said the attackers later use the stolen information to extort victims by threatening to publish or sell the data online. The agency also said SRG actors contact company employees or clients to pressure victims into ransom negotiations.
The alert identified several warning signs, including unauthorized downloads of remote access software such as Zoho Assist, AnyDesk, RustDesk, Splashtop and Atera. It also warned companies to watch for suspicious cloud data transfers, external hard drive installations and unsolicited calls from individuals claiming to work in IT support.
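As an added illustration (not part of the FBI alert or the original article), the Python sketch below triages process-creation records for the tools named above and for a renamed copy of a transfer tool. It assumes records shaped like Sysmon process-creation events (`Image`, `OriginalFileName`, `Product`); the substring matching, the approved-tool list and the sample records are constructed for the example.

```python
import ntpath

# Products named in the FBI alert; matching by lowercase substring is an
# assumption of this example, not a vendor-published signature.
REMOTE_ACCESS = ("zoho", "anydesk", "rustdesk", "splashtop", "atera")
TRANSFER = ("winscp", "rclone")
APPROVED = {"splashtop"}  # assumption: the one tool this firm's IT really uses


def triage(event):
    """Return the list of findings for one process-creation record."""
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").lower()
    product = event.get("Product", "").lower()
    haystack = " ".join((image, original, product))
    findings = []
    for name in REMOTE_ACCESS:
        if name in haystack and name not in APPROVED:
            findings.append("unapproved_remote_access:" + name)
    for name in TRANSFER:
        if name in haystack:
            findings.append("transfer_tool:" + name)
        # Embedded metadata names the tool but the file on disk does not:
        # the binary was renamed, which is how a "hidden" copy looks here.
        if name in original and name not in ntpath.basename(image):
            findings.append("renamed_binary:" + name)
    return findings


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\jdoe\Downloads\AnyDesk.exe",
     "OriginalFileName": "AnyDesk.exe", "Product": "AnyDesk"},
    {"Image": r"C:\ProgramData\svchost_upd.exe",
     "OriginalFileName": "rclone.exe", "Product": "Rclone"},
    {"Image": r"C:\Program Files (x86)\Splashtop\SRServer.exe",
     "OriginalFileName": "SRServer.exe", "Product": "Splashtop Streamer"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "Product": "Microsoft Windows"},
]


def scan(events):
    """Map each flagged image path to its findings; clean events are omitted."""
    return {e["Image"]: f for e in events if (f := triage(e))}


if __name__ == "__main__":
    for image, findings in scan(SAMPLE_EVENTS).items():
        print(image, findings)
```

Substring matching of this kind is deliberately broad and will need tuning against a firm's own software inventory before it is used for alerting.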
The FBI urged organizations to strengthen cyber hygiene measures, including staff training, regular backups and phishing-resistant multifactor authentication.
The agency also recommended verifying the identity of all visitors accessing company premises and limiting remote access permissions on systems handling sensitive data.