The FBI warned that a forced recovery gang, known as Silent Ransum Group, is targeting US law firms in Callback Fishing and Social Engineering attacks in the last two years.
Also known as Luna Moth, Chat Spider, and UnC3753, the danger is active since Group 2022 and was also behind the Bazarcall expeditions, which provided early access to the corporate network for Ryuk and Conti Ransomware attacks.
In March 2022, after the shutdown of Conti, the danger actors separated from the cybercrime syndicate and created their own operation called Silent Rances Group (SRG).
In recent attacks, SRG motivates the IT support of the target to achieve access to the network of goals using social engineering strategy in fake sites and phone calls.
This forced recovery group does not encrypse the systems of the victims and is known for ransom demanding not to leak sensitive information stolen from online compromised equipment.
“SRG will then direct the employee to join a remote access session, either through the email sent to them, or to navigate on a web page. Once the employee reaches his device, they are told that the work should be done overnight,” FBI. Said In a private industry notification on Friday.
“Once the victim’s device, a specific SRG attack includes minimal privilege increase in a specific SRG attack and quickly pivotes for data exfoliation made through a hidden or nominal version of ‘WinSCP’ (Windows Secure Copy) or ‘RCLONE’.
After stealing the figures of the victims, they take them out via ransom email, threaten to sell or publish information, and they will also call the employees of violated organizations to pressurize the ransom talks. While they have a dedicated website where they are leaking the data of their victims, the FBI says the forced recovery gang does not always follow their data leak hazards.
To defend against their attacks, the FBI recommends using strong passwords, enables two-factor authentication to all employees, creates regular data backups, and the staff conducts training on detection of fishing efforts.
The FBI warning follows a recent Economic Report, expanding the SRG attacks that target legal and financial institutions in the United States, in which the attackers are seen to register the domain “to support the portal for” helping or supporting the portal for major American law firms and financial services, using Jodi Typosquated Pattern. “
The victims are being sent malicious emails with fake helpdesk numbers, urging them to make calls to solve various non-existent problems. However, Luna Moth Operator will attempt to cheat employees of targeted companies in establishing distance monitoring and management (RMM) software from fake IT help desk sites to the employees of targeted companies applying IT employees at the other end.
Once the RMM tool is installed and launched, the actor of the danger receives keyboard access, which allows them to look for valuable documents on compromised equipment and shared drivers that will later be exhaled using RCLone (Cloud Sinking) or Vinnakpi (via SFTP).
According to the EclecticIQ, the demand for Rancem is sent by the Silent Ranesam Group Range between one and eight million USD, depending on the size of the company.
Based on the analysis of 14M malicious tasks, search for the top 10 MITERAT & CK techniques behind the 93% attacks and how to defend them against them.
