Google and the FBI are warning about a ransomware group that is sending fake IT workers to hack victims in person


According to Google and the Federal Bureau of Investigation, the ransomware network has sometimes ramped up its attacks on law firms by sending fake IT workers in person to victims’ offices, where the fraudsters use USB drives to steal data directly from victims’ computers or help other gang members connect to the computers remotely.

On Friday, Google’s cybersecurity teams Mandiant and Google Threat Intelligence Group published a new report. It accuses the cybercriminal gang known as the Silent Ransom Group of attempting to steal victims’ information “using physical, personal access” in attacks targeting “dozens” of victims between January and May of this year.

“Mandiant has investigated various issues where competitors have planted insiders, bribed employees, or physically entered buildings,” Mandiant CTO Charles Carmakal told TechCrunch, adding that the company has seen this tactic used in other cases over the years.

Last month, the FBI issued a warning that the Silent Ransom Group is targeting law firms with social engineering and phishing attacks impersonating IT support staff. But in some cases, the group sent fake IT support staff to victims’ offices, where they accessed employees’ computers and used USB drives or remote access tools to steal data such as contracts, personal information such as Social Security numbers, and financial and tax records.

An FBI spokesperson told TechCrunch: “We can confirm that we have witnessed multiple individuals impersonating IT support who have gained or attempted to gain physical access to the offices and/or devices of victim companies as part of the Silent Ransom Group’s data exfiltration scheme.”

In a now common extortion tactic that does not involve encrypting victims’ data as in traditional ransomware attacks, the gang runs its own leak site, where it threatens to publish victims’ stolen data and does so if the victim doesn’t pay.

This often happens after hackers send direct emails to threaten victims.

According to Google, the hackers wrote to one of the victims: “In the absence of ignorance or compromise, we will inform your employees, partners and customers, after which we will publish your information.”

According to Google’s report, hackers also use more traditional methods such as phishing emails, follow-up phone calls and social engineering. Cybercriminals pretend to be a company’s IT support to trick victims into giving them access to their computers.

“Callers use a variety of verbal cues to guide target behavior. Under the guise of solving a security problem or helping with a corporate data migration project, they build trust and lead the target to join a screen sharing session,” Google researchers wrote. Hackers then bypass security controls by convincing victims to download and open screen-sharing apps, or by using screen-sharing features in apps like Zoom or Microsoft Teams.

While hackers often steal data remotely through malware or phishing attacks, these cases show that some hackers are willing to take their crimes a step further, mixing traditional hacking techniques with physical intrusions, a new and significant escalation.
