Silent Ransom Group

Threat Actor Profile Updated 3 months ago
The Silent Ransom Group, also known as Luna Moth, is a threat actor born out of the remnants of Conti. It has collaborated with other groups like Quantum and Roy/Zero to develop unique callback phishing tactics, and as of June 2023 it has been conducting data theft and extortion attacks through these tactics.

Victims receive phishing messages containing a phone number, usually related to pending charges on their accounts. Once the victims call the provided number, they are directed to join a legitimate system management tool via a link provided in a follow-up email. Because the remote connection is made with an authentic tool, this approach bypasses conventional cybersecurity measures and gives the attackers unauthorized access to sensitive information. Despite the sophistication of their techniques, the Silent Ransom Group's strategies harken back to traditional scam methods, utilizing callbacks to lure victims.

On November 8, 2023, the FBI issued a warning about the Silent Ransom Group's callback phishing scam, which was being used to gain initial access to targeted organizations. The group had been using legitimate system management tools to elevate network permissions in these phishing attacks dating back to July.

By leveraging these tactics, the Silent Ransom Group has managed to infiltrate various networks and carry out successful ransomware campaigns, posing a significant threat to both private and public sector organizations.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Luna Moth | 2 | Luna Moth, also known as the Silent Ransom Group (SRG), is a threat actor that has been identified by the cybersecurity industry for its malicious activities. This entity, which could be an individual, a private company, or part of a government, has been noted for its use of callback phishing scams |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Extortion
Ransomware
Scams
Ransom
FBI
Scam
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Conti | Unspecified | 1 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Silent Ransom Group Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | 7 months ago | Fake hotel reservation phishing scam uses PDF links to spread MrAnon Stealer |
| CERT-EU | 8 months ago | FBI Warns of Emerging Ransomware Initial Access Techniques |
| CERT-EU | 8 months ago | FBI Alert: Silent Ransom Group Utilizes Callback Phishing for Network Hacks |
| CERT-EU | 8 months ago | Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability |
| CERT-EU | 8 months ago | Silent Ransom Group ramps up callback phishing attacks |
| Securityaffairs | 8 months ago | FBI: Ransomware actors abuse third parties and legitimate system tools for initial access |