Find notable cyber news and cases, enriched with sources, timelines, and signals.

Silent Ransom Group US law firm IT impersonation campaign

Campaign
First reported
Last updated
Happening score
H score 36
3 unique sources, 3 articles

Summary

Hide ▲

Silent Ransom Group (SRG), also tracked as UNC3753, Chatty Spider, and Luna Moth, is running a financially motivated data theft extortion campaign against dozens of U.S. organizations in professional, legal, and financial services. The activity spans January to May 2026 and uses vishing, IT impersonation, screen-sharing sessions, and remote monitoring and management (RMM) tools to gain access, with some cases escalating to physical intrusions and USB-based data theft. Stolen material has included PII, legal agreements, and financial records. The group continues to favor extortion-only operations, threatening data publication on LEAKEDDATA if victims do not respond.

Related Happenings

Nissan hit by network compromise

Incident
H score48 First: 29.06.2026 23:40 Last: 29.06.2026 23:40 Sources 1

About this happening: **Nissan** disclosed a **data breach** affecting **current and former employees** after unauthorized access tied to **Oracle PeopleSoft** exploitation put personnel records at ris...

Instructure's Canvas hit by data theft breach

Incident
H score65 First: 26.06.2026 11:00 Last: 26.06.2026 11:00 Sources 1

About this happening: The **Canvas** incident at **Instructure** exposed confidential **course and user data** after **unauthorized activity** and a later access event, affecting about **160 UK higher...

ShinyHunters Oracle PeopleSoft data theft and extortion campaign

Campaign
H score60 First: 10.06.2026 21:31 Last: 10.06.2026 21:31 Sources 1

About this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...

Latest development: 29.06.2026 23:40

Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.

Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion

Threat Actor Meta
H score21 First: 07.06.2026 17:09 Last: 07.06.2026 17:09 Sources 1

How related: After the Conti syndicate shut down in 2022, the group shifted to standalone data theft and extortion operations under the Silent Ransom Group branding.

About this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...

U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case

Law Enforcement
H score39 First: 05.05.2026 13:13 Last: 05.05.2026 13:13 Sources 1

About this happening: **Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...

Timeline

  1. 29.05.2026 16:00 4 articles · 1mo ago

    Silent Ransom Group targets US law firms with IT impersonation and data theft

    Initial Disclosure

    The FBI warns that Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider and UNC3753, has targeted US-based law firms since 2023 and, by spring 2026, was impersonating IT staff by phone, phishing email and in-person access attempts to obtain remote access, exfiltrate data with WinSCP or hidden or renamed Rclone, and move stolen data to Google Drive or Microsoft OneDrive.

    Show sources