FBI Warns of Ransom Gang Using Fake IT Support and In-Person Visits to Steal Data
The FBI has issued a warning about the Silent Ransom Group (SRG), a cybercrime organization that is expanding its tactics beyond phishing emails and phone scams by sending individuals to victims’ workplaces to gain physical access to company systems.
According to the FBI, the group has been targeting U.S. organizations since 2023 and primarily focuses on law firms, although companies in the financial, healthcare, and insurance sectors have also been targeted due to the sensitive information they handle.
Also known as Luna Moth, Chatty Spider, and UNC3753, the group typically poses as IT support personnel. Attackers contact employees through emails or phone calls and convince them to grant access to their computers using legitimate remote access tools.
However, the FBI says the group has now adopted a more aggressive approach. If remote access attempts fail, attackers may send an individual directly to the victim’s office while pretending to be a member of the IT support team.
Once inside, the impersonator attempts to gain access to a company device and insert a storage device, such as a USB drive, into the target computer. Under the guise of technical assistance or system maintenance, the attackers can then steal sensitive data from the organization.
Unlike traditional ransomware gangs that encrypt files, Silent Ransom Group focuses on data theft and extortion. The group steals confidential information and threatens to publish it unless a ransom is paid. To increase pressure on victims, the gang operates a dedicated data leak site where stolen information can be exposed publicly.
Recent reports indicate that several organizations have appeared on the group’s leak site, highlighting the growing threat posed by its extortion-focused operations.
The FBI warns that the group’s shift from remote scams to physical impersonation significantly expands the attack surface for organizations. Security measures such as email filtering and endpoint protection may not be enough if employees unknowingly grant physical access to attackers.
To reduce risk, the FBI recommends training employees to recognize phishing attempts, verify the identity of IT personnel and visitors, enforce strict access-control policies, monitor potential data exfiltration channels, and maintain records of identification presented by visitors entering company premises.
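One way to monitor the two access paths described above (remote access tools and inserted USB storage), as an added example that is not from the FBI or the original article. It assumes simplified records derived from Windows Security events 4688 (process creation) and 6416 (external device recognized); the tool names, serials, host names and the seven-day correlation window are constructed.

```python
from datetime import datetime, timedelta

# Policy values below are assumptions for illustration, not from the article.
REMOTE_TOOL_WATCHLIST = {"anydesk.exe", "teamviewer.exe", "corp-support.exe"}
APPROVED_REMOTE_TOOLS = {"corp-support.exe"}   # hypothetical sanctioned tool
APPROVED_USB_SERIALS = {"AA11BB22CC33"}        # constructed serial
WINDOW = timedelta(days=7)                     # assumed correlation window

# Constructed sample records, simplified from Windows Security events:
# 4688 = process creation, 6416 = new external device recognized.
EVENTS = [
    {"time": "2025-01-06T10:02:00", "host": "WS-014", "event_id": 4688,
     "process": r"C:\Users\jdoe\Downloads\AnyDesk.exe"},
    {"time": "2025-01-06T11:15:00", "host": "WS-020", "event_id": 4688,
     "process": r"C:\Program Files\Corp\corp-support.exe"},
    {"time": "2025-01-07T09:00:00", "host": "WS-020", "event_id": 6416,
     "device_id": r"USBSTOR\Disk&Ven_Corp&Prod_Key\AA11BB22CC33&0"},
    {"time": "2025-01-07T09:30:00", "host": "WS-031", "event_id": 6416,
     "device_id": r"HID\VID_046D&PID_C077\6&1A2B3C&0&0000"},
    {"time": "2025-01-08T14:30:00", "host": "WS-014", "event_id": 6416,
     "device_id": r"USBSTOR\Disk&Ven_Generic&Prod_Flash\0F9E8D7C6B5A&0"},
]

def usb_serial(device_id):
    """Serial of a USB mass-storage device ID, or None for other device classes."""
    parts = device_id.split("\\")
    if len(parts) < 3 or parts[0].upper() != "USBSTOR":
        return None
    return parts[2].split("&")[0].upper()

def detect(events):
    """Return (host, rule, detail) alerts in time order."""
    alerts, last_remote = [], {}   # last_remote: host -> last unapproved tool start
    for ev in sorted(events, key=lambda e: e["time"]):
        when, host = datetime.fromisoformat(ev["time"]), ev["host"]
        if ev["event_id"] == 4688:
            exe = ev["process"].rsplit("\\", 1)[-1].lower()
            if exe in REMOTE_TOOL_WATCHLIST and exe not in APPROVED_REMOTE_TOOLS:
                last_remote[host] = when
                alerts.append((host, "unapproved_remote_tool", exe))
        elif ev["event_id"] == 6416:
            serial = usb_serial(ev["device_id"])
            if serial and serial not in APPROVED_USB_SERIALS:
                alerts.append((host, "unknown_usb_storage", serial))
                if host in last_remote and when - last_remote[host] <= WINDOW:
                    alerts.append((host, "remote_then_usb", serial))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Both event types are only logged when the corresponding audit policies (Audit Process Creation and Audit PNP Activity) are enabled on the endpoints.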
Organizations that encounter suspicious activity linked to Silent Ransom Group are encouraged to report it to the FBI and relevant cybersecurity authorities.