FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
Briefly

Silent Ransom Group (SRG) has targeted law firms in the United States using callback phishing emails and social engineering calls. The campaign urges employees to contact the attackers, who pose as IT support, in order to cancel subscription fees. The FBI warns that the phishing emails include links to remote access software that enables rapid data exfiltration. In observed attacks, the attackers have updated their tactics, posing as an employee from the victim’s IT department and directing employees to grant access through remote desktop sessions. If remote access fails, an attacker may appear in person to insert a device. After gaining access, the attackers escalate privileges and exfiltrate data immediately, without deploying file-encrypting ransomware, using tools such as WinSCP or Rclone and sometimes copying data to Google Drive or OneDrive. They may also exfiltrate data to external drives or USB devices inserted during the intrusion.
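One way to hunt for the exfiltration step described above, as an added example that is not from the FBI advisory or SecurityWeek: it triages process-creation events for the two tools the report names and raises severity when the command line shows a transfer. The event field names, hosts, users and the `gdrive` remote name are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Tools the report names for exfiltration, keyed by executable name.
EXFIL_TOOLS = {"rclone.exe": "Rclone", "winscp.exe": "WinSCP", "winscp.com": "WinSCP"}
# Rclone subcommands that move data.
RCLONE_TRANSFER = {"copy", "copyto", "sync", "move", "moveto"}
# An rclone remote is written "name:path"; a one-letter name is a local drive (C:\...).
REMOTE = re.compile(r"^([A-Za-z0-9_\-]{2,}):")

def classify(event):
    """Return a finding for one process-creation event, or None if not of interest."""
    image = PureWindowsPath(event["image"]).name.lower()
    tool = EXFIL_TOOLS.get(image)
    if tool is None:
        return None
    args = event["command_line"].split()[1:]
    finding = {"host": event["host"], "user": event["user"], "tool": tool,
               "severity": "medium", "reason": f"{tool} executed"}
    if tool == "Rclone":
        verbs = [a for a in args if a.lower() in RCLONE_TRANSFER]
        remotes = [m.group(1) for a in args if (m := REMOTE.match(a))]
        if verbs and remotes:  # data-moving verb plus a configured remote
            finding["severity"] = "high"
            finding["reason"] = f"rclone {verbs[0]} to remote '{remotes[0]}'"
    elif any(a.lower().startswith(("/script", "/command")) for a in args):
        finding["severity"] = "high"
        finding["reason"] = "WinSCP run non-interactively (scripted transfer)"
    return finding

# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"host": "WS-014", "user": "jdoe", "image": r"C:\Users\jdoe\Downloads\rclone.exe",
     "command_line": r"rclone.exe copy C:\Cases gdrive:backup --transfers 16"},
    {"host": "WS-014", "user": "jdoe", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.com",
     "command_line": r"WinSCP.com /script=C:\Temp\up.txt"},
    {"host": "WS-022", "user": "asmith", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe notes.txt"},
    {"host": "WS-031", "user": "itadmin", "image": r"C:\Tools\rclone.exe",
     "command_line": "rclone.exe version"},
]

def triage(events):
    """Classify every event and keep only the findings."""
    return [f for f in map(classify, events) if f]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['host']}\\{f['user']}: {f['reason']}")
```

Matching on the executable name alone misses a renamed binary, so treat this as a first-pass filter alongside allowlisting of approved transfer tools.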
"SRG actors either directly call or send phishing emails to urge employees to call the SRG actor posing as IT support. During the call, the attackers direct the victim organizations' employees to grant access to their machines through remote desktop sessions. If the attempt fails, however, they send an individual posing as IT support in person to insert a device into the computer."
Read at SecurityWeek