Silent Ransom Group “Call-back” Phishing Campaign
ID: 3996745e-316d-5f56-939d-2d0b0d128e30
STIX ID: report--3996745e-316d-5f56-939d-2d0b0d128e30
Feed Name: Arctic Wolf Blog
Arctic Wolf reports an uptick in activity from the Silent Ransom Group targeting the legal industry using call-back phishing and vishing. Attackers impersonate services to prompt victims to call, then social-engineer them into installing remote-access tools (Zoho Assist, AnyDesk), exfiltrate sensitive data (often via SFTP/WinSCP to private hosts like Hostwinds), and extort victims with threats to leak or sell the stolen data. The bulletin recommends restricting outbound SFTP (port 22), uninstalling unapproved RMM tools, and implementing vishing-focused security awareness training.
