A hacking group known as Silent Ransom Group (SRG) has been targeting law firms and other businesses by posing as IT support staff, gaining access to company computers, and stealing sensitive data. According to a report from Google's cybersecurity teams Mandiant and Google Threat Intelligence Group, SRG actors have been using social engineering techniques to trick employees into granting access to their computers, often through phone calls or phishing emails.
The group has been active since at least 2022, but has recently changed its tactics from remote cyber attacks to in-person hacks. In some cases, SRG sends an operative to the victim's location to gain physical access to computers and insert a storage device to steal data. The stolen data is then used for extortion, with the group threatening to publish or sell it online unless a ransom is paid.
What Happened
The FBI has issued an alert warning of SRG's tactics, which involve using social engineering calls and phishing emails to trick employees into granting access to their computers. Once access is gained, the group uses legitimate remote access tools such as Zoho Assist, Quick Assist, AnyDesk, RustDesk, Syncro, Splashtop, and Atera to steal sensitive data.
According to Google's report, SRG actors have been using a variety of verbal instructions to guide target behavior, often posing as IT support staff to trick employees into granting access. The group has also been using screen-sharing features in apps like Zoom or Microsoft Teams to bypass security controls and steal data.
Background and Context
Silent Ransom Group is a hacking collective that has been active since at least 2022, targeting law firms and other businesses with sensitive data. The group's tactics have evolved over time, from remote cyber attacks to in-person hacks. SRG actors have used various methods to gain access to company computers, including phishing emails, social engineering calls, and physical intrusions.
The FBI has noted that SRG's tactics are a novel and significant escalation of traditional hacking techniques. The group's use of legitimate remote access tools and screen-sharing features in apps like Zoom or Microsoft Teams makes it difficult for antivirus products to flag these attacks.
Why It Matters to the Industry
The rise of SRG's tactics poses a significant threat to companies that handle sensitive data, including those in the adult industry. The group's use of social engineering and physical intrusions makes it difficult for companies to protect themselves against these types of attacks.
Companies in the adult industry often handle sensitive data, including personally identifiable information (PII) and financial information. SRG's tactics could potentially be used to steal this type of data, which could lead to identity theft, financial fraud, and other malicious activities.
What Comes Next
The FBI has issued an alert warning companies about SRG's tactics and urging them to take steps to protect themselves against these types of attacks. Companies are advised to verify the credentials of anyone attempting to access their computers and know their company's policy for how IT communicates and authenticates itself to employees.
Google's report highlights the need for companies to be vigilant in protecting themselves against SRG's tactics. The group's use of legitimate remote access tools and screen-sharing features in apps like Zoom or Microsoft Teams makes it difficult for antivirus products to flag these attacks.
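Because the tools named above are legitimate software, a defender cannot rely on malware signatures and instead has to check process telemetry against the remote-access tools IT has actually approved. The sketch below is an added example, not taken from the FBI alert or Google's report. The allowlist, the host and user names, and the sample events are constructed, and matching on path-name prefixes is an assumption of the example.

```python
import re

# Name prefixes derived from the tools listed in the article. Matching on path
# components is an assumption of this example, not a vendor-published signature.
RMM_PREFIXES = {"zohoassist": "Zoho Assist", "quickassist": "Quick Assist",
                "anydesk": "AnyDesk", "rustdesk": "RustDesk", "syncro": "Syncro",
                "splashtop": "Splashtop", "atera": "Atera"}

# Hypothetical policy: the one remote-support tool the IT department has sanctioned.
APPROVED_TOOLS = {"Splashtop"}

# Constructed process-creation events (host, user, image path); not real telemetry.
SAMPLE_EVENTS = [
    ("LAW-WS-014", "jdoe", r"C:\Users\jdoe\Downloads\AnyDesk.exe"),
    ("LAW-WS-014", "jdoe", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    ("LAW-WS-022", "asmith", r"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"),
    ("LAW-WS-031", "mlee", r"C:\Users\mlee\AppData\Local\Temp\Zoho Assist\connect.exe"),
    ("LAW-WS-031", "mlee", r"C:\Program Files\RustDesk\rustdesk.exe"),
]

# Locations a standard user can write to, where a caller-guided download would land.
USER_WRITABLE = re.compile(r"[\\/](downloads|appdata|temp|desktop)[\\/]", re.I)

def classify(image_path):
    """Return the remote-access tool a path belongs to, or None."""
    for part in re.split(r"[\\/]", image_path.lower()):
        flat = re.sub(r"[^a-z0-9]", "", part)  # "Zoho Assist" -> "zohoassist"
        for prefix, tool in RMM_PREFIXES.items():
            if flat.startswith(prefix):
                return tool
    return None

def find_unapproved(events, approved=APPROVED_TOOLS):
    """Flag remote-access tools outside the allowlist; user-writable paths rank higher."""
    findings = []
    for host, user, image in events:
        tool = classify(image)
        if tool and tool not in approved:
            severity = "high" if USER_WRITABLE.search(image) else "medium"
            findings.append((host, user, tool, severity))
    return findings

if __name__ == "__main__":
    for finding in find_unapproved(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```

Matching per path component rather than on the whole path keeps a folder such as "collateral" from being mistaken for Atera.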
Key Facts
- Silent Ransom Group (SRG) is a hacking collective that has been active since at least 2022, targeting law firms and other businesses with sensitive data.
- SRG actors use social engineering techniques to trick employees into granting access to their computers, often through phone calls or phishing emails.
- The group uses legitimate remote access tools such as Zoho Assist, Quick Assist, AnyDesk, RustDesk, Syncro, Splashtop, and Atera to steal sensitive data.
- SRG actors have been using screen-sharing features in apps like Zoom or Microsoft Teams to bypass security controls and steal data.
- The FBI has issued an alert warning companies about SRG's tactics and urging them to take steps to protect themselves against these types of attacks.

