The FBI has issued a public cybersecurity bulletin warning that a sophisticated cybercrime group known as the Silent Ransom Group (SRG)—also referred to as Luna Moth, Chatty Spider, and UNC3753—is actively targeting law firms across the United States. This threat actor, operating since at least 2022, has expanded its focus in recent months to specifically victimize legal organizations due to the sensitive nature of the data they manage.
SRG’s method of attack diverges from traditional ransomware models. Instead of encrypting files, the group uses social engineering tactics to gain remote access to systems and exfiltrate data, which it then uses as leverage in extortion campaigns. The FBI notes that the group has become known for its use of phishing emails disguised as subscription service notifications. These emails typically claim that a small subscription charge is pending and instruct the recipient to call a phone number to cancel. During that call, the victim is directed to install legitimate remote access tools—such as Zoho Assist, AnyDesk, or Splashtop—which unknowingly provide attackers with access to their device.
In a concerning shift in tactics observed as of March 2025, SRG has begun impersonating internal IT staff via unsolicited phone calls. The attackers tell employees that IT work needs to be done and direct them to grant remote access to their devices. Once inside, SRG quickly moves to exfiltrate data using tools like WinSCP or Rclone—often without escalating privileges, allowing the attack to proceed unnoticed by antivirus or endpoint detection systems. After extracting sensitive files, SRG contacts the victim organization with ransom demands, threatening to leak or sell the data unless payment is made.
While law firms are currently the primary target, the FBI reports that organizations in the healthcare and insurance sectors have also been affected. Despite claiming to have a public site for posting stolen data, SRG has been inconsistent in actually following through, possibly as a pressure tactic during negotiations.
The FBI emphasizes that SRG’s attacks often leave minimal traces, making them difficult to detect using traditional security tools. Network defenders are advised to monitor for signs such as unauthorized downloads of remote access tools, unexpected outbound data transfers using WinSCP or Rclone, and any suspicious IT-related communications with employees.
To mitigate the risk, the FBI recommends a series of basic but critical steps: implement robust phishing awareness training, enforce multifactor authentication across all systems, maintain clear internal protocols for IT support communications, and ensure regular, secure data backups. Organizations are also encouraged to share any legally permissible information about incidents involving SRG with their local FBI Cyber Squad, including ransom notes, phishing emails, attacker phone numbers, and cryptocurrency wallet details.
This alert serves as a critical reminder for Pennsylvania’s legal and business communities to remain vigilant. The Cybersecurity Association of Pennsylvania continues to monitor developments and urges all members to ensure their systems and staff are prepared to respond to evolving threats like SRG. More information, along with FBI field office contacts, can be found at www.fbi.gov/contact-us/field-offices.
As Super Bowl 59 approaches, the excitement is palpable—especially for Philadelphia Eagles fans hoping for another championship run. Whether you're a die-hard Eagles supporter, a Kansas City Chiefs fan, or simply in it for the spectacle (and Taylor Swift’s potential appearance), cybercriminals are leveraging the hype to launch sophisticated scams. From phishing attempts to fake ticket sales, these scams exploit fans’ emotions and urgency, making it crucial to stay vigilant.
Today is Groundhog Day, since 1887, it is the one day a year where we rely on a Groundhog named Punxsutawney Phil, to forecast the next six weeks of our lives. In today’s case the forecast calls for 6-more weeks of Winter.
In 1993, the movie Groundhog Day was released where Bill Murray gets trapped in a time loop reliving this Pennsylvania Dutch superstition that a groundhog’s shadow on February 2nd predicts how long winter will last.
As we kick off Data Privacy Week, the Cybersecurity Association of Pennsylvania wants to bring attention to a critical and growing issue: AI Data Security. In today’s world, artificial intelligence has become an integral part of everyday life, both for consumers and businesses. From Apple Intelligence on your iPhone to Google’s Gemini, Meta AI, ChatGPT, and emerging platforms like DeepSeek, AI is shaping the way we interact with technology.
While AI offers unparalleled speed and accuracy in answering questions and solving problems, it also introduces risks, particularly in how it processes, learns from, and uses data.
TikTok Ban in the U.S.: Access Blocked and Cybersecurity Risks Intensify
The TikTok ban in the United States has officially gone into effect, and TikTok engineers appear to have implemented robust measures to block access to the app for users within the country. This unexpected level of restriction has caught many by surprise, as it extends even to those attempting to bypass the ban using Virtual Private Networks (VPNs).
The Supreme Court has upheld the federal Protecting Americans from Foreign Adversary Controlled Applications Act, effectively banning the Chinese-owned social media platform TikTok in the United States. The decision, delivered just days before the law takes effect, emphasizes the growing concerns over cybersecurity and data privacy, sparking a critical conversation about the handling of user data and national security risks.
As TikTok faces potential bans in various regions, many users are turning to RedNote, a Chinese social media platform gaining rapid popularity. While the app promises a vibrant and engaging space for creative content, it’s essential to be aware of the potential risks involved. Below, we explore critical security concerns, data privacy issues, and the emerging threat of deepfake technology associated with the app.
In the face of natural disasters, small businesses often find themselves at a crossroads, grappling with the challenges of maintaining operations amidst chaos. Winter weather, hurricanes, and even wildfires present unique threats that can disrupt business continuity and jeopardize the very existence of a small enterprise. However, with strategic planning and a deep understanding of critical concepts such as Recovery Time Objective (RTO), these businesses can navigate through adversity and emerge resilient.
It’s no secret that the healthcare industry is a prime target for cybercriminals due to the sensitive nature of patient data. Over the last few years, the landscape of IT security solutions has evolved significantly, offering healthcare organizations more robust measures to protect their patient data and meet the stringent standards set by the Health Insurance Portability and Accountability Act (HIPAA).