FBI Issues Alert on Silent Ransom Group Using Fake IT Support Calls to Target Victims

The Federal Bureau of Investigation (FBI) has issued a critical alert regarding the escalating activities of the cyber threat actor known as Silent Ransom Group (SRG), also identified under aliases such as Luna Moth, Chatty Spider, and UNC3753.

Since emerging in 2022, SRG has gained notoriety for its advanced callback phishing schemes, often posing as legitimate businesses offering subscription plans.

However, as of March 2025, the group has shifted to a more direct and insidious approach, impersonating IT department employees through unsolicited phone calls to trick individuals into granting remote access to their systems.


This evolution in tactics, primarily targeting U.S.-based law firms due to the sensitive nature of legal data, underscores SRG’s adaptability and the growing risk to organizations across multiple sectors, including medical and insurance industries.

Social Engineering Tactics

SRG’s modus operandi involves socially engineering victims to install remote access software like Zoho Assist, Syncro, AnyDesk, Splashtop, or Atera, under the pretense of resolving a fabricated IT issue or canceling a fictitious subscription fee.

Once access is granted, often with the victim instructed to leave the device unattended "overnight," the attackers move quickly to exfiltrate data using WinSCP (Windows Secure Copy) or a hidden or renamed copy of Rclone.

On devices where the victim lacks administrative privileges, SRG uses portable versions of WinSCP, which run without installation, to steal sensitive information.

After exfiltrating data, the group sends ransom demands by email or calls employees directly, threatening to publicly release or sell the stolen information.

Their inconsistent use of a public site for posting victim data adds an unpredictable layer to their extortion strategy, heightening the pressure on victims to comply with payment demands.

The FBI notes that SRG leaves minimal digital footprints, often evading traditional antivirus solutions by leveraging legitimate system management tools, making detection challenging for network defenders.

FBI Recommendations and Indicators

According to the report, the FBI emphasizes the importance of robust cyber hygiene practices to counter SRG, urging organizations to train staff to recognize phishing and callback scams, establish clear protocols for authenticating IT staff who request access, maintain regular data backups, and enforce two-factor authentication on all accounts.

Indicators of potential SRG activity include unauthorized downloads of remote access tools, WinSCP or Rclone connections to external IP addresses, and unsolicited calls or emails claiming data theft or subscription issues.
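The tradecraft described in the Social Engineering Tactics section (remote access tools installed by the victim, then WinSCP or a renamed Rclone pushing data out) and the indicators listed above translate directly into a hunt over endpoint telemetry. The script below is an added example for this page, not code from the FBI alert or the article. It walks Sysmon-style ProcessCreate (Event ID 1) and NetworkConnect (Event ID 3) records, flags remote-access tool launches, recognizes a renamed Rclone or portable WinSCP through the PE OriginalFileName field rather than the on-disk name, and joins those processes to connections that leave the internal address ranges. The event records, the tool name markers, and the list of "internal" networks are all assumptions constructed for illustration and should be tuned to your environment.

```python
"""Hunt for SRG-style activity in Sysmon-like endpoint telemetry.

Added example for this page, not code from the FBI alert or the article.
Records mimic Sysmon Event ID 1 (ProcessCreate) and Event ID 3
(NetworkConnect) field names, but every event below is constructed.
"""
import ipaddress
from typing import Dict, List

# Remote-access tools named in the alert, matched as substrings of the
# executable name or PE OriginalFileName (assumed markers; tune per site).
REMOTE_ACCESS_MARKERS = ("zoho", "syncro", "anydesk", "splashtop", "atera")

# Exfiltration tools from the alert, matched on PE OriginalFileName so a
# renamed Rclone binary (e.g. svchost_update.exe) is still recognised.
EXFIL_ORIGINAL_NAMES = {"winscp.exe", "rclone.exe"}

# Assumption: RFC 1918 plus loopback/link-local count as "inside"; add your
# own public ranges in practice.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "::1/128", "fe80::/10")]

# Install locations a non-admin user cannot write to; anything else is
# treated as a portable / user-dropped copy.
TRUSTED_INSTALL_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")


def is_external_ip(ip: str) -> bool:
    """True if the address lies outside every INTERNAL_NETS range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def basename(path: str) -> str:
    """Lower-cased file name component of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hunt(events: List[dict]) -> List[Dict[str, str]]:
    """Return findings for remote-access tool launches, renamed or portable
    WinSCP/Rclone binaries, and their connections to external addresses."""
    findings: List[Dict[str, str]] = []
    exfil_procs: Dict[str, str] = {}  # ProcessGuid -> Image, joins Event 3 to Event 1

    def flag(guid: str, rule: str, detail: str) -> None:
        findings.append({"process_guid": guid, "rule": rule, "detail": detail})

    for ev in events:
        guid = ev["ProcessGuid"]
        if ev["EventID"] == 1:
            image = ev["Image"]
            name = basename(image)
            orig = ev.get("OriginalFileName", "").lower()
            if any(m in name or m in orig for m in REMOTE_ACCESS_MARKERS):
                flag(guid, "remote_access_tool", f"{image} run by {ev['User']}")
            if orig in EXFIL_ORIGINAL_NAMES:
                exfil_procs[guid] = image
                if name != orig:
                    flag(guid, "renamed_exfil_tool", f"{image} is really {orig}")
                if not image.lower().startswith(TRUSTED_INSTALL_PREFIXES):
                    flag(guid, "portable_exfil_tool", f"{orig} running from {image}")
        elif ev["EventID"] == 3 and guid in exfil_procs:
            dst = ev["DestinationIp"]
            if is_external_ip(dst):
                flag(guid, "exfil_external_connection",
                     f"{exfil_procs[guid]} -> {dst}:{ev['DestinationPort']}")
    return findings


# Constructed telemetry from one workstation: a user-installed AnyDesk, a
# renamed Rclone in Temp, a legitimately installed WinSCP talking to an
# internal host, and a portable WinSCP talking to an outside address.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "A", "User": "CORP\\jdoe",
     "Image": r"C:\Users\jdoe\Downloads\AnyDesk.exe", "OriginalFileName": "AnyDesk.exe"},
    {"EventID": 1, "ProcessGuid": "B", "User": "CORP\\jdoe",
     "Image": r"C:\Users\jdoe\AppData\Local\Temp\svchost_update.exe",
     "OriginalFileName": "rclone.exe"},
    {"EventID": 3, "ProcessGuid": "B", "DestinationIp": "203.0.113.45", "DestinationPort": 443},
    {"EventID": 1, "ProcessGuid": "C", "User": "CORP\\admin",
     "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "OriginalFileName": "winscp.exe"},
    {"EventID": 3, "ProcessGuid": "C", "DestinationIp": "10.0.5.20", "DestinationPort": 22},
    {"EventID": 1, "ProcessGuid": "D", "User": "CORP\\jdoe",
     "Image": r"C:\Users\jdoe\Downloads\WinSCP-Portable\WinSCP.exe",
     "OriginalFileName": "winscp.exe"},
    {"EventID": 3, "ProcessGuid": "D", "DestinationIp": "198.51.100.7", "DestinationPort": 22},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f['rule']}] {f['process_guid']}: {f['detail']}")
```

Matching on OriginalFileName is the point worth taking away: renaming rclone.exe defeats a filename rule but not the version resource inside the binary, which Sysmon records on every process start. The legitimately installed WinSCP that only talks to an internal host (process C) produces no finding, so the output stays actionable rather than listing every admin's SCP session.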

The agency is also seeking information from victims, including ransom notes, threat actor phone numbers, and copies of phishing emails, to support its investigation, while noting that victims are not required to provide this information and should do so only to the extent permitted by applicable law.

This alert serves as a stark reminder of the persistent and evolving nature of cyber threats.

As SRG continues to refine its tactics, blending technical prowess with psychological manipulation, the FBI encourages affected entities to report suspicious activities to local field offices, providing detailed accounts of incidents to aid in tracking and mitigating this pervasive threat.
