Hackers are turning up to victim's work dressed as IT support to install malware in-person, FBI warns
Date:
Thu, 28 May 2026 12:05:00 +0000
Description:
If a remote session fails, hackers will come to install malware in person.
FULL STORY
The Federal Bureau of Investigation (FBI) is warning about hackers showing up at people's offices, pretending to be IT support. They sit at people's desks, copy all sensitive files onto an external drive and leave malware behind, all while pretending to be fixing a technical problem.
In a newly released flash alert, the FBI says this cheeky attack is being carried out by a threat actor calling itself the Silent Ransom Group (SRG). This threat actor, active for roughly four years now, starts its attack with a phone call. It mostly targets US-based law firms and first tries to get the victim to install a remote desktop management solution and grant access. If that attempt fails, the attackers will come, in person, carrying flash drives, external disks, and other equipment needed to execute the attack. Once they steal the files, they'll quietly escalate privileges and step away, engaging in extortion at a later date:
"By sending someone in-person to the victim's location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim's computer," the FBI explained. "SRG actors use the exfiltrated victim data to extort the victim by sending a ransom email threatening to sell or post the data online. SRG actors also call employees or clients of a victim company to pressure the victim to begin ransom negotiations.
"Finally, the crooks have their own data leak website where they name-and-shame, in order to pressure the victims into paying the ransom demand."
SRG is also known as Luna Moth, Chatty Spider, and UNC3753, the FBI further explained. The group was first seen back in 2022, and while it has struck organizations in different industries, it is primarily focused on law firms in the US. According to BleepingComputer, this group was previously linked to BazarCall campaigns, as well as Conti and Ryuk ransomware incidents.
Via BleepingComputer
Link to news story:
https://www.techradar.com/pro/security/hackers-are-turning-up-to-victims-work-dressed-as-it-support-to-install-malware-in-person-fbi-warns
--- MultiMail/DOS
* Origin: Capitol City Hub (1:2320/105)