FBI warns of in-person data theft attacks from extortion gang

Why This Matters

The FBI's warning highlights a growing threat of in-person data theft by the Silent Ransom Group, which poses significant risks to law firms and other organizations by physically accessing sensitive data. This underscores the importance for companies to strengthen physical security measures and employee awareness to prevent such targeted attacks. As cybercriminal tactics evolve to include in-person infiltration, both industry and consumers must remain vigilant against sophisticated extortion schemes.

Key Takeaways

The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks.

"As of Spring 2026, SRG actors use a social engineering scheme to pose as an employee from the victim's IT department. SRG actors either directly call or send phishing emails to urge employees to call the SRG actor posing as IT support," the FBI warned in a Tuesday flash alert.

"While on the phone, the SRG actor directs the employee to grant access to a remote desktop session. If that attempt fails, SRG sends a threat actor to the victim's location to gain access to insert a storage device into the victim's computer."

By going to the victim's location in person, the malicious actors can steal data by connecting USB drives or external hard drives to the victim's computer.

The FBI included the unauthorized installation of external hard drives or USB drives on company computers, and the presence of unidentified or unauthorized individuals claiming to be IT support and attempting to access computers, as possible indicators of an SRG attack.

"Through phone calls and phishing emails, SRG actors pose as IT support to establish access to victim computers and exfiltrate data, usually through legitimate remote access tools or by sending an individual in-person to the victim company's location to gain physical access to computers," the FBI added.

SRG uses the stolen data to extort the victims by sending a ransom email that threatens to sell or post it on their leak site, and will also call the victims' employees or clients to pressure them into beginning ransom negotiations.

Also known as Luna Moth, Chatty Spider, and UNC3753, this cybercrime gang has been active since at least 2022 and has been targeting legal and financial organizations in the United States since early 2023.

As previously reported by BleepingComputer, the same group of threat actors was also linked to BazarCall campaigns that provided initial access to corporate networks in Conti and Ryuk ransomware attacks.

In March 2022, after the Conti shutdown, they separated from the cybercrime syndicate and formed the Silent Ransom Group (SRG), known for data theft and extortion operations following targeted phishing attacks.