
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems

ID: 43710f57-2441-5dd2-b691-4217026bf4c2

STIX ID: report--43710f57-2441-5dd2-b691-4217026bf4c2

Feed Name: Infosecurity Magazine (News)

Threat Score: 75/100

Date Published: 2026-05-29

Date Updated: 2026-05-29

The FBI warns that the Silent Ransom Group (SRG / Luna Moth / Chatty Spider / UNC3753) has been targeting US law firms and other sectors since 2023 using evolved social engineering: impersonating IT staff by phone and in person to obtain remote desktop access or install storage devices. The group then exfiltrates sensitive data (via WinSCP, renamed Rclone, Google Drive/OneDrive, or external USB/hard drives) and avoids detection by relying on legitimate management and remote-access tools. The alert includes recommended mitigations such as strict visitor authentication, phishing-resistant MFA, disabling external drive installation on sensitive endpoints, blocking port 22 where possible, and staff training.
