
Silent Ransom Group Targets U.S. Law Firms with Social Engineering Attacks


AI-generated from multiple sources. Verify before acting on this reporting.

Update

WASHINGTON — Additional corroborating reports have emerged regarding the Silent Ransom Group's ongoing campaign against U.S. law firms. The new information confirms the scope of the social engineering attacks extends beyond the initial targets previously identified. Further details indicate the group has successfully compromised additional professional services organizations using similar fake IT support call tactics. These developments suggest the campaign's reach is broader than initially assessed, with victims reporting unauthorized remote access and data exfiltration attempts. The group continues to operate under the aliases UNC3753, Luna Moth, and Chatty Spider. Security experts warn that the sophistication of these attacks remains high, requiring heightened vigilance across the legal sector. No new aliases or distinct attack vectors have been identified at this time. The campaign remains active, with no indication of a reduction in frequency or intensity. Organizations are advised to review their remote access protocols and train staff to recognize impersonation attempts.

Original Report —

WASHINGTON — A cybercriminal group known as Silent Ransom Group is targeting U.S. law firms and professional services organizations with sophisticated social engineering campaigns designed to steal sensitive data and extort victims. The group, also identified by the aliases UNC3753, Luna Moth, and Chatty Spider, has launched a wave of attacks involving fake IT support calls that grant attackers remote access to corporate networks.

The campaign, active as of June 7, 2026, focuses on extracting confidential client information, including contracts, tax records, and merger plans. Once the data is exfiltrated, the group demands payment within a strict three-day window, threatening to leak the stolen materials publicly if the ransom is not paid.

Victims are contacted through unsolicited phone calls posing as technical support representatives. The callers convince employees to install remote access tools under the guise of resolving technical issues. This initial access allows the group to deploy ransomware and exfiltrate data before encryption occurs, a tactic that increases leverage during negotiations.

The attacks represent a shift in tactics for the group, which has previously targeted healthcare and government sectors. Security experts note that law firms are particularly vulnerable due to the high value of their client data and the critical need for confidentiality. The three-day deadline for payment adds significant pressure on legal teams to resolve the situation quickly to avoid reputational damage.

U.S. law enforcement agencies are investigating the campaign, though no arrests have been announced. The group operates from an undisclosed location, complicating efforts to trace the perpetrators. Victims are advised to report incidents to the FBI and the Cybersecurity and Infrastructure Security Agency.

The Silent Ransom Group's operations highlight the evolving nature of cyber threats targeting professional services. The use of social engineering to bypass technical defenses underscores the importance of employee training and verification protocols. Organizations are urged to implement multi-factor authentication and restrict remote access tools to authorized personnel only.

As the campaign continues, the group's demands and targets may expand. The impact on U.S. legal firms remains uncertain, with potential long-term consequences for client trust and data security. Further developments are expected as investigations proceed.
