The Federal Bureau of Investigation (FBI) has issued a Private Industry Notification (PIN) warning about an alarming rise in cyberattacks by the notorious threat group Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753. This group has been targeting law firms, including those outside the United States, using sophisticated social engineering tactics designed to gain unauthorized remote access to sensitive systems and exfiltrate data for extortion purposes.
SRG has a history of targeting various sectors, but since Spring 2023, law firms have become a consistent focus due to the sensitive nature of legal data. Their operations, which began in 2022, involve phishing emails disguised as subscription service communications or IT department calls that lure victims into downloading remote access software such as Zoho Assist, Syncro, AnyDesk, Splashtop, or Atera. Once access is granted, the attackers deploy tools like WinSCP or hidden versions of Rclone to quickly exfiltrate sensitive data.
As of March 2025, SRG has refined its tactics by placing direct calls to employees, pretending to be IT staff, and requesting them to join remote access sessions. Victims are often told the work is routine or maintenance-related, but once access is granted, the attackers extract data and send ransom notices, threatening to leak the stolen information unless a payment is made. The FBI warns that these ransom demands often come with aggressive follow-up calls and threats.
Though SRG’s operations have primarily impacted U.S.-based firms, their approach is scalable and could potentially threaten legal and business sectors worldwide, including Samoa. SRG’s data leaks have been inconsistent, with some stolen data posted publicly but others not. This unpredictability makes it even more challenging for victims to assess risks.
The FBI advises organizations to enhance cybersecurity practices, including strong passwords, multi-factor authentication, regular staff training to recognize phishing attempts, clear IT authentication protocols, and consistent data backups. They also encourage firms to report any suspicious activities to local FBI field offices or through www.fbi.gov/contact-us/field-offices. The FBI requests copies of ransom notes, emails, call records, and any communications with the attackers to assist ongoing investigations.
The alert highlights that while these threats have been observed in the U.S., businesses and legal entities in Samoa and the Pacific region should also remain vigilant. Law firms and companies handling sensitive client information are urged to review their cybersecurity protocols and stay alert for suspicious emails, phone calls, and downloads.
For further information or to report suspicious activity, contact your local law enforcement or the FBI’s cyber squad via the contacts provided in the advisory.
Source: Information provided by the Federal Bureau of Investigation (FBI) Private Industry Notification, released on 23 May 2025, PIN Number 20250523-001.
Here is the notification.
