FBI Warns Companies About Ransom Gang’s Fake IT Support Tactics


The FBI warned that the Silent Ransom Group (SRG), also known as Luna Moth or UNC3753, has escalated tactics beyond phishing and remote access scams to include physical impersonation of IT support staff at U.S. law firms and sensitive sectors like finance and healthcare. The group, linked to a 2026 breach at Jones Day, steals data via USB drives after failing remote access attempts, avoiding ransomware encryption in favor of extortion threats through a Data Leak Site.

The FBI issued a warning in May 2026 about the Silent Ransom Group (SRG), a cybercrime syndicate previously known for phishing and fake IT support scams, now adopting physical infiltration tactics. The group, also tracked as Luna Moth, Chatty Spider, or UNC3753, has expanded beyond remote access attempts to send actors posing as IT technicians to victim workplaces. Upon arrival, these individuals insert a storage device into target computers to exfiltrate data, often after remote access requests are denied.

SRG primarily targets U.S.-based law firms but has also compromised financial, healthcare, and insurance sectors due to their sensitive data. The group avoids encrypting files, instead pressuring victims into ransom payments by threatening to expose stolen data on a public Data Leak Site. Jones Day, a firm representing President Trump in legal matters, was listed on SRG’s site following a 2026 breach, though the firm previously reported a separate phishing incident in April without naming the attackers.

The FBI’s advisory highlights a shift in SRG’s operations, making traditional cybersecurity defenses less effective against physical impersonation risks. While remote access tools and email filters can mitigate phishing attempts, the group’s new tactic of on-site data theft requires additional security measures at entry points like reception desks. Organizations handling confidential information are urged to verify all unsolicited IT support claims and restrict physical access to systems.

SRG’s evolution from Conti-affiliated operators (since 2023) to an independent group with hybrid attack methods underscores growing threats in cybercrime. The group’s Data Leak Site has already published stolen data from multiple victims, demonstrating its willingness to publicly expose information if ransom demands are unmet.

The FBI recommends organizations implement multi-factor authentication, monitor physical access points, and train employees to recognize impersonation attempts.

This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.
