05/26/2026

Silent Ransom Group Impersonating IT Personnel through Social Engineering

IC3

Summary
The Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, is targeting law firms using social engineering techniques. Through phone calls and phishing emails, SRG actors pose as IT support to establish access to victim computers and exfiltrate data, usually through legitimate remote access tools or by sending an individual in-person to the victim company’s location to gain physical access
to computers. While SRG has victimized companies in many sectors including those in the insurance, finance, and healthcare industries, the group has consistently targeted US-based law firms since Spring 2023.

Threat
SRG actors—active since at least 2022—conduct data theft and extortion operations without relying on traditional ransomware encryption. Unlike conventional ransomware actors, SRG actors typically seek rapid access to victim systems, immediate data exfiltration, and extortion through threats of public disclosure or sale of stolen data.
Historically, SRG actors sent phishing emails purportedly to charge small “subscription fees” to gain access to victim networks. To cancel the fake subscription, the victim was instructed to call the threat actor, who then emailed the victim a link to download remote access software.