The FBI warned that the Silent Ransom Group is using fake IT support schemes and in-person tactics to steal sensitive company data. The cybercriminal operation targets organizations through phishing emails, callback scams, remote access tools, and even physical visits to company offices.
Researchers said the campaign mainly targets law firms and other professional organizations in the United States. The attacks show how cybercriminal groups continue shifting toward social engineering and data theft instead of traditional ransomware encryption.
FBI Warns About Fake IT Support Attacks
According to the FBI, the Silent Ransom Group contacts employees while pretending to be internal IT staff or outside technical support workers. Attackers send phishing emails or direct victims to call fake support phone numbers controlled by the group.
Once communication starts, the attackers attempt to convince employees to install remote access software or share login credentials. In some cases, the group escalates the attack further by sending individuals directly to victim offices.
The FBI said attackers have attempted to gain physical access to company systems and sensitive files during these visits. Threat actors also reportedly used USB devices and external storage hardware to steal company information from compromised systems.
Investigators warned organizations to remain cautious of unexpected support requests involving urgent security problems or requests for remote access sessions.
Silent Ransom Group Focuses on Extortion
Unlike many ransomware gangs, the Silent Ransom Group usually focuses on data theft instead of file encryption. The attackers steal sensitive company information and then pressure victims with extortion demands.
Researchers said the group threatens to publish or sell stolen files if organizations refuse to pay. This strategy allows attackers to avoid some traditional ransomware detection methods while still creating serious financial and reputational pressure for victims.
The group is also tracked under several different names, including:
- Luna Moth
- Chatty Spider
- UNC3753
- Storm-0252
Security experts said the operation has remained active since at least 2022. The attackers previously used callback phishing techniques linked to older ransomware ecosystems before evolving into a dedicated extortion-focused operation.
Callback Phishing Remains a Core Tactic
Researchers said callback phishing remains central to the group’s operations. Attackers send emails designed to create panic or urgency, often involving fake invoices, subscription charges, or account security warnings.
Victims are instructed to call support numbers controlled by the attackers. Once the call begins, the threat actors manipulate employees into granting remote system access.
Security researchers also found that the group registers domains designed to imitate legitimate IT support portals. These fake websites help attackers appear more trustworthy during support conversations.
The FBI warned employees to independently verify support requests before downloading software or sharing access credentials.
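A mail-triage heuristic for the callback lures described in this section, added here as an illustration and not taken from the FBI warning or the researchers' work. The keyword lists, function names and sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string

# Lure themes named in the article: fake invoices, subscription charges,
# account security warnings. The keyword lists are illustrative assumptions.
THEMES = {
    "invoice": re.compile(r"\b(invoice|receipt|payment)\b", re.I),
    "subscription": re.compile(r"\b(subscription|renew(al|ed)?|charged?)\b", re.I),
    "account_security": re.compile(r"\b(unauthori[sz]ed|account (locked|suspended))\b", re.I),
}
URGENCY = re.compile(r"\b(within \d+ hours?|immediately|urgent(ly)?|right away)\b", re.I)
# A verb telling the reader to phone, followed closely by a North American number.
CALL = re.compile(
    r"\b(call|dial|phone)\b[^.\n]{0,60}?(\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}", re.I)
URL = re.compile(r"https?://", re.I)

def callback_lure_signals(raw_email):
    """Return the list of callback-phishing signals found in one plain-text message."""
    msg = message_from_string(raw_email)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    signals = [f"theme:{name}" for name, rx in THEMES.items() if rx.search(text)]
    if URGENCY.search(text):
        signals.append("urgency")
    if CALL.search(text):
        signals.append("call_instruction")
        if not URL.search(text):  # assumption: the lure relies on the phone call, not a link
            signals.append("phone_only")
    return signals

def is_callback_lure(raw_email):
    """Flag only when a lure theme and an instruction to call appear together."""
    s = callback_lure_signals(raw_email)
    return "call_instruction" in s and any(x.startswith("theme:") for x in s)

# Constructed samples (fictional 555-01xx numbers, example.com senders).
LURE = """From: Billing <billing@example.com>
Subject: Invoice 48213 - subscription renewed

Your subscription was renewed and your card was charged 399 USD.
To dispute this charge, call our billing desk at +1 (202) 555-0143 within 24 hours.
"""
BENIGN = """From: Facilities <facilities@example.com>
Subject: Office closed Monday

For building access questions call the front desk at 202-555-0110.
"""
if __name__ == "__main__":
    print(is_callback_lure(LURE), is_callback_lure(BENIGN))
```

The benign sample shows why a phone number alone is not enough: it is flagged only when it appears together with one of the lure themes.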
Social Engineering Threats Continue to Grow
The Silent Ransom Group campaign highlights the growing importance of social engineering in modern cybercrime operations. Many threat actors now prioritize deception and credential theft instead of relying only on malware deployment.
Researchers warned that physical access attempts create additional security risks because they can bypass some traditional cybersecurity protections. Organizations should strengthen visitor verification procedures, employee awareness training, and access control policies.
Security teams should also monitor unusual remote access requests and unauthorized device connections inside corporate environments.
Conclusion
The Silent Ransom Group is using fake IT support schemes, callback phishing, and in-person tactics to steal sensitive company data from US organizations. The FBI warned that attackers increasingly rely on social engineering and physical access attempts instead of traditional ransomware encryption.
Researchers said organizations should remain alert for suspicious support

