TZUTC: -0500   
   MSGID: 1155.consprcy@1:2320/105 2c9c48f0   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FBI warns legal firms of Luna Moth extortion attacks where hackers will call   
   their office   
      
   Date:   
   Tue, 27 May 2025 13:34:00 +0000   
      
   Description:   
   Hackers are stealing files and then threatening to release them unless a   
   payment is made.   
      
   FULL STORY   
      
   Law firms in the US should be on the lookout for highly sophisticated    
   phishing attacks coming from the Silent Ransom Group, the FBI is warning.    
      
   In a recent Private Industry Notification , the FBI said the group, which    
   also targets other industries, has increased its focus on US law firms - and   
   that it has also shifted its tactics slightly as well.    
      
   The FBI says over the last couple of months, the group started impersonating   
   employees of the target law firm, posing as a member of the IT department to   
   send an email asking the victim to join a remote access session, stating the   
   work they needed to do was to be conducted overnight.   
      
   Chatty Spider    
      
   Once in the victims device, a typical SRG attack involves minimal privilege   
   escalation and quickly pivots to data exfiltration conducted through WinSCP   
   (Windows Secure Copy) or a hidden or renamed version of Rclone, the FBI   
   explained.    
      
   Although this tactic has only been observed recently, it has been highly   
   effective and resulted in multiple compromises.    
      
   Once the group exfiltrates sensitive data from the target system, they will   
   leave a ransom message, threatening to sell or leak the data online, unless a   
   payment is made. To put the victims under even more pressure, the threat   
   actors will call them on the phone, as well.    
      
   Silent Ransom Group is also known as Luna Moth, Chatty Spider, or UNC3753.    
   Its been active since 2022, but pivoted more towards US law firms in spring   
   2023. According to BleepingComputer , the group was behind the BazarCall   
   campaigns that gave Ryuk and Conti ransomware operators initial access to    
   some of their victims. The group was formed after Conti disbanded in March   
   2022.    
      
   To defend against phishing, the FBI advises companies to use strong    
   passwords, 2FA, and solid backup solutions.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/fbi-warns-legal-firms-of-luna-moth-exto   
   rtion-attacks-where-hackers-will-call-their-office   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428   
   SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200   
   SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426