A threat actor called Silent Ransom Group is targeting United States law firms. Members of the ransomware operation are trying to steal sensitive data to extort victims.
Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, has been around since 2022 and is primarily known for its callback phishing emails.
Typically, SRG would send phishing emails, stating that it would charge “subscription fees.” To cancel the fake subscription, victims are urged to call the threat actor, who would then send unsuspecting victims an email containing a link to download remote access software, giving the scammers access to their victims’ devices.
Once the hackers gained access, they sought sensitive information to exfiltrate. Lastly, a ransom note was sent to the victims, threatening to expose or sell the stolen data if a ransom wasn’t paid. The threat actor also threatened to call employees of breached organizations to pressure them into ransom negotiations.
“As of March 2025, SRG was observed changing its tactics to calling individuals and posing as an employee from their company’s IT department. SRG will then direct the employee to join a remote access session, either through an email sent to them or by navigating to a web page. Once the employee grants access to their device, they are told that work needs to be done overnight,” the FBI said in a private industry notification.
What makes these attacks so dangerous is that the SRG campaigns hardly leave any traces on compromised machines. In addition, traditional antivirus products do not detect attacks because SRG generally uses legitimate system management or remote access tools to carry them out.
SRG primarily targets law firms in the United States, but companies in the medical industry and insurance industry have also been attacked.
The FBI’s Cyber Division recommends implementing basic cyber hygiene, including using strong and unique passwords, enabling multi-factor authentication, and installing antivirus tools. Additionally, law firms would be wise to train employees to resist phishing emails, maintain regular backups of company data, and develop and communicate security protocols.
Lastly, the FBI is asking victims to contact the agency and provide detailed information on the SRG’s tactics, techniques, and procedures (TTPs).
Your email address will not be published. Required fields are markedmarked