


























Threat Insight
Silent Ransom Group is a Russian cyber extortion-group that mainly uses social engineering to steal sensitive data for extortion purposes. They often call victims impersonating helpdesk staff and attempt to persuade them to download remote management tools that allow the criminals to access the victims’ machines.
In a recent report, the FBI warns that Silent Ransom Group has also begun recruiting gig workers in the victims’ area under the guise of hiring helpdesk personnel. Gig workers are people who earn money through short-term, flexible jobs rather than a traditional permanent role. They are usually paid per task, project or assignment.
The cybercriminals instruct these workers to seek out an assigned victim and tell them they need to insert a USB drive into their machine to solve some problem.
A former student employee of the City of Copenhagen misused authorized access to the Danish Civil Registration System (CPR) to extract and sell sensitive personal data to criminal actors on a crime-as-a-service model. The insider advertised his ability to obtain information, charged per lookup, and in some cases guaranteed access to large numbers of records.
The data was shared via encrypted messaging platforms such as Telegram and Signal to criminals who used it to identify, locate, and target individuals for extortion and other violent acts. In the wider criminal context, at least one homicide occurred involving a person whose data had been accessed; however, the court did not find it proven that the insider’s actions contributed to the killing and therefore acquitted him of complicity in the homicide.
While the two incidents above are unrelated, both highlight how organized crime and organized cybercrime appear to be merging slowly as stolen data becomes a commodity on underground markets. Russian cyber extortion groups have amassed enough money to attempt to bribe insiders or organize schemes where gig workers are tricked into physically aiding them.
The growth of Western cybercrime ecosystems, where members are often recruited online at a very young age on platforms like Roblox, means that young IT students fresh out of college may secretly already be hardened criminals. The threat of AI replacing many IT jobs may also make it seem that the IT industry is not as safe as it once was, which can also make a criminal career seem more attractive.
This is a control problem across people, process, and access design. A threat actor does not need to break technical controls if a trusted person opens the way. Leadership should view this as a risk to sensitive data, physical safety, fraud exposure, and trust in the operating model.
ATT&CK pattern: This attack stands out through social engineering, abuse of trusted relationships, and use of valid accounts. The attacker borrows trust from employees, contractors, or local third parties instead of defeating technical controls first.
Architectural weak point: Sensitive data, privileged access, and key approvals often depend on a small number of people and weak supervision. If human trust is not designed as a control risk, the operating model gives the attacker a built-in bypass.
Roles, Responsibilities, and Authorities (GV.RR): Define who owns insider risk across cyber, HR, legal, fraud, and physical security.
Identity Management, Authentication, and Access Control (PR.AA): Control privileged access, contractor access, and user lifecycle changes.
Data Security (PR.DS): Limit exposure of sensitive data and high-value approvals to the smallest necessary group.
Continuous Monitoring (DE.CM) and Adverse Event Analysis (DE.AE): Detect misuse of trusted access and unusual activity around sensitive processes.
Incident Management (RS.MA) and Incident Response Reporting and Communication (RS.CO): Use one response model for insider misuse, social engineering, and related fraud events.
Stay ahead with cyber insights
Stay ahead in cybersecurity! Sign up for Truesec’s newsletter to receive the latest insights, expert tips, and industry news directly to your inbox. Join our community of professionals and stay informed about emerging threats, best practices, and exclusive updates from Truesec.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。