CNN reports:
When an executive at a US law firm’s phone rang in April, the voice on the other end was urgent: A computer virus was spreading through the firm.
The caller said they were from IT support and needed physical access to the lawyer’s computer because remote fixes to stop the attack weren’t working. The lawyer told his purported colleague to swing by his desk at the law firm’s office in New Jersey.
The next day, the firm’s receptionist called: The lawyer had a visitor from IT at the front desk.
“That’s when an alarm bell went off: Why would an IT person need to check in with reception?” said Leeann Nicolo, who handles incident response for cybersecurity insurance firm Coalition, which the law firm hired to investigate the incident.
The visitor ran out of the building when the lawyer approached the front desk, according to Nicolo.
It’s one of several incidents at law firms across the country in the last year in which, the FBI and private investigators suspect, the Russian-speaking Silent Ransom Group has hired people in the US to show up in-person and plug thumb drives into law firms’ computers. The physical access could help bypass anti-virus protections that the hackers run up against from afar.
Read more about Silent Ransom Group at CNN (subscription required). The group has reportedly been hiring people to physically enter law firms posing as IT support.
DataBreaches.net, which has reported on several law firm attacks by Silent Ransom Group (also known as Luna Moth), reports on how Silent Ransom Group recently acquired data from top-100 law firm Fox Rothschild, and what victims of Silent Ransom Group should expect if they are attacked.
