惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
Schneier on Security
Schneier on Security
T
Tor Project blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tenable Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Threat Research - Cisco Blogs
C
CERT Recently Published Vulnerability Notes
Security Latest
Security Latest
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
NISL@THU
NISL@THU
L
Lohrmann on Cybersecurity
Scott Helme
Scott Helme
Webroot Blog
Webroot Blog
Project Zero
Project Zero
Google Online Security Blog
Google Online Security Blog
The Last Watchdog
The Last Watchdog
Spread Privacy
Spread Privacy
Hacker News: Ask HN
Hacker News: Ask HN
PCI Perspectives
PCI Perspectives
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
W
WeLiveSecurity
Attack and Defense Labs
Attack and Defense Labs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
N
News | PayPal Newsroom
Help Net Security
Help Net Security
The Hacker News
The Hacker News
H
Heimdal Security Blog
O
OpenAI News
S
Security @ Cisco Blogs
N
News and Events Feed by Topic
Cyberwarzone
Cyberwarzone
Simon Willison's Weblog
Simon Willison's Weblog
G
GRAHAM CLULEY
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园 - 叶小钗
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tailwind CSS Blog
大猫的无限游戏
大猫的无限游戏
A
Arctic Wolf
I
Intezer
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Security Affairs
P
Proofpoint News Feed
S
Secure Thoughts
腾讯CDC
Google DeepMind News
Google DeepMind News
量子位
罗磊的独立博客

CyberScoop

Security researchers find stalkers abusing Chrome's sync feature SonicWall customers under threat as attackers exploit 2 zero-days Dems press DNI nominee Jay Clayton on election security questions, but leave dismayed Forget the model. When it comes to cybersecurity, it’s all about the harness White House details ‘Gold Eagle’ clearinghouse for AI cyber threats Microsoft discloses ‘the mother of all’ vulnerability loads, tripling June’s previous record Treasury sanctions First VPN Service, others for abetting ransomware gangs States are building their own election defense networks as federal support evaporates Europe strikes out against Russia’s Turla over espionage, ‘destructive attacks’ Officials once again warn defenders that Russian hackers are targeting network devices AI-generated code has made security debt a governance problem Armenian national pleads guilty to Ryuk ransomware attacks CISA looks to remedy ailments from big May credential leak Former DigitalMint ransomware negotiator who duped clients sentenced to 70 months in jail Interpol cybercrime crackdown nets 5,800 arrests across 97 countries 764 splinter group leader sentenced to 40 years in jail French nonprofit starts global intelligence and research hub for AI cyber threats Found fast, fixed slow: The gap the AI clearinghouse must close Spain arrests suspected hacker linked to Russian hacktivist campaign Deepfake CSAM lawsuit against xAI, Grok expands Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities US Army websites defaced with pro-Kurdish sentiments, insults to Trump Sysdig clocks first documented case of agentic ransomware Finding vulnerabilities was never the hard part Someone infected a spyware probe overseer with spyware Alleged longstanding member of Scattered Spider extradited to US Researchers spot exploitation of another critical Oracle defect U.S. lifting export control restrictions on Anthropic’s Mythos, Fable This phishing kit looks more like BEC-as-a-service Citrix patches a new NetScaler flaw with echoes of CitrixBleed Trump budget boss Russell Vought open to re-staffing CISA DHS to unveil replacement council for critical infrastructure cybersecurity How ransomware syndicates weaponize corporate-style organization Warner bill would create federally vetted list for secure, trustworthy AI agents Supreme Court approves mail-in ballots that arrive after Election Day Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling What the post-quantum executive order really demands of CISOs ATF cancels controversial commercial geolocation contract FCC passes new cybersecurity rules for emergency systems, undersea cables Federal court rules Trump election-focused executive order illegal Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack Why patch directives only go so far Malicious hackers exploit Cisco zero-day for highest access level at communications service provider In a first, a court takedown goes after two cybercrime tools at once Open-source security is posing challenges governments can't easily solve Justice Department seizes infrastructure used by cyber scam and criminal marketplace Algerian man charged with running two cybercrime marketplaces Court rules SAVE database illegal, orders it dismantled Trump executive orders speed up post-quantum migration, boost industry Intel agencies: Frontier AI models will reshape cybersecurity faster than expected Authorities disrupt Evil Corp’s SocGholish botnet Congress tees up No FAKES Act, aiming at AI-generated deepfakes How software development's speed obsession enabled TeamPCP’s chaos crusade Accenture shells out $4.18B on three companies in big industrial cybersecurity push Attackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in April Lawmakers leary about Trump administration’s Anthropic order AI’s constant patching treadmill can be a security problem A case for how to shape ‘ingredient lists’ for AI models Google exposes China espionage group that’s been lurking in networks undetected since 2023 Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat Anthropic disables new models after government calls them a national security concern FBI takes down massive China-based cybercrime network that caused $1.9B in losses US, France, and Italian authorities shut down massive deepfake porn site Conti ransomware group member pleads guilty, faces up to 20 years in prison ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw CyberCorps is adapting to AI. The budget isn’t keeping up. Russian national charged in connection with Void Blizzard espionage campaign OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers CISA directive orders agencies to prioritize vulnerability patching in a new way Microsoft breaks Patch Tuesday record with 206 vulnerabilities Anthropic’s new model is Mythos on a leash CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector Cisco customers encounter another SD-WAN zero-day under attack Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint The AI security race needs accountability, not overregulation Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away Hill Dems hammer GOP for $250M CISA budget cut Your AI agent could become your biggest insider threat Inside the race to adapt to an AI-powered security world European authorities crack down on illegal streaming networks DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels DOD wants to integrate cyber in all operations, and integrate security into AI Trump administration releases scaled-back AI executive order Anthropic expanding access to Project Glasswing Attackers are exploiting Palo Alto Networks defect that initially flew under the radar Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight USPS moving forward with mail-in ballot changes as courts weigh Trump’s election order Election threats are focused on campaign systems, not voting machines Tennessee man linked to 764 accused of series of crimes against children dating back to 2022 Federal audit reveals NIST’s NVD is plagued by poor planning and duplication House panel poised to hold hearing centered on AI impact on cyber Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket Zapier fixes bug chain that researchers say risked widespread account takeover OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain Apple open-sources quantum-resistant encryption code White House charts new course for federal agencies and cybersecurity logging Anthropic: Mythos finds more than 10,000 software flaws in first month
FBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person
Matt Kapko · 2026-05-28 · via CyberScoop

Silent Ransom Group, a long-running data extortion operation, continues to hit U.S.-based law firms by impersonating IT support and, in some cases, visiting victims in person to gain physical access to computers, the FBI said in an alert Tuesday.

The closed group, which likely operates from Russia and emerged in 2022 after Conti disbanded, has claimed responsibility for more than 100 attacks with activity surging during the past few months, according to researchers.

The FBI’s warning comes exactly one year after the agency released a previous alert about Silent Ransom Group consistently targeting law firms since mid-2023. The group doesn’t deploy encryption, but its dual use of social engineering and in-person visits for data theft is extremely rare with no known parallels across the vast cybercrime ecosystem, multiple experts told CyberScoop.

“There were probably a lot of times that this failed before it started succeeding because there’s a lot of trial-and-error involved,” said Allan Liska, field chief information security officer at Recorded Future. Whereas other ransomware groups would rather move on to other tactics or targets, “Silent Ransom Group has seen the value especially in going after law firms, and so they’re willing to put the extra effort into it,” he added. 

The data extortion group, which is also tracked as Chatty Spider, UNC3753 and Storm-0252, isn’t as prolific as more high-tempo ransomware groups. Yet, it’s having a noticeable impact due to its proven knack for attacking organizations in the legal sector.

Halcyon tracked 134 ransomware incidents against law firms and legal services during the first quarter of this year, making it the fourth-most targeted industry accounting for more than 6% of all ransomware attacks the company tracked during the period. 

Silent Ransom Group and Inc, a ransomware-as-a-service operation dating back to mid-2023, are largely responsible for that uptick, said Cynthia Kaiser, senior vice president at Halycon’s Ransomware Research Center.

“Silent was the first group to really just be targeting law firms, and they’ve targeted major law firms” with a clear understanding of what’s most problematic for organizations in that segment, she added. “The theft of data in and of itself is the biggest issue for the law firms, so they’re tailoring a lot of their operations around what they know about the sector.”

Law firms are a rich target because data theft creates huge privilege and reputational problems, which creates the perception they might be more willing to pay high extortion demands, Kaiser said.

Silent Ransom Group’s social engineering scheme involves phone calls or phishing emails that urge employees to call one of the group’s associates posing as IT support, the FBI said. If the group’s attempt to gain access to the employee’s computer via remote access tools fails, it sends an associate to the victim’s location to physically attach a storage device to the victim’s workstation. 

This extra step is unique and places Silent Ransom Group in a completely different mode of operation than its peers in ransomware and data theft extortion. Some aggressive data theft extortion groups have harassed and threatened executives and employees with physical violence, but in-person visits for data theft are extraordinary.

“While Flashpoint has observed threat actors soliciting or co-opting both witting and unwitting insiders, we have not observed them physically sending attackers to victim locations. This tactic carries significant risk, as threat actors are able to use technology to obscure their real-world identities,” said Ian Gray, vice president of cyber threat intelligence operations at Flashpoint. 

Joe Slowik, director of cybersecurity alerting strategy at Dataminr, said it’s easy to question why potential victims would fall for this tactic. “However, humans in the workplace need to implicitly trust others to get their jobs done,” he said. 

“Questioning everything, while seemingly desirable, introduces significant friction and distrust in workplace environments and limits productivity in arbitrary ways,” Slowik added. “Criminal entities will continue to prey on human weaknesses and dependencies for success, and placing the burden solely on employees to defend against this is unfair and unreasonable.”

The FBI did not provide details about the people Silent Ransom Group uses to initiate the fake IT support calls or visit victims in person. Yet, with the group’s operators based in Russia, researchers speculate gig workers or subcontractors are playing a critical role by placing voice-based phishing calls in a common language and visiting victims at their workplace. 

Liska said he’s under the impression the group is using freelance taskers that don’t necessarily know they are committing a crime. “They may be suspicious, but you know, they need the money,” he said. 

“It’s kind of like a Doordash person that delivers Arby’s,” Liska said. “You know you’re doing really bad things to people, but you know what, they’re paying you to deliver.”