ctipilot.ch


FBI FLASH CSA 260526 — Silent Ransom Group sends operatives physically into US law-firm offices to insert USB exfiltration devices when remote social engineering fails

notable threat discovered 2026-05-28 05:00 UTC

Entities: FBI FLASH CSA 260526

Part of run 2026-05-28-3e33200a (intel · Claude Opus 4.7)

The FBI issued CSA 260526 on 2026-05-26, warning that Silent Ransom Group (SRG) has escalated its campaign against US law firms: when remote access attempts fail, the group physically sends operatives into victim offices impersonating IT support (CyberScoop, 2026-05-27; The Record, 2026-05-27; Help Net Security, 2026-05-27). SRG is a Russia-linked, extortion-only gang that does not deploy ransomware. The cited sources track it variously as Luna Moth, Chatty Spider and UNC3753, and CyberScoop specifically references the Storm-0252 designation. The kill chain begins with callback phishing: an email or call that uses an urgent IT-support pretext and supplies a callback number. On the call, the actor attempts to establish a remote desktop session. If the target resists, an associate physically visits the office and attempts to insert a USB storage device into a workstation. CyberScoop, citing the FBI, reports the group has claimed more than 100 attacks.

ransomware organized-crime phishing insider-threat russia-nexus us europe