Silent Ransom Group US law firm IT impersonation campaign
Campaign
Summary
Hide ▲
Show ▼
Silent Ransom Group (SRG), also tracked as UNC3753, Chatty Spider, and Luna Moth, is running a financially motivated data theft extortion campaign against dozens of U.S. organizations in professional, legal, and financial services. The activity spans January to May 2026 and uses vishing, IT impersonation, screen-sharing sessions, and remote monitoring and management (RMM) tools to gain access, with some cases escalating to physical intrusions and USB-based data theft. Stolen material has included PII, legal agreements, and financial records. The group continues to favor extortion-only operations, threatening data publication on LEAKEDDATA if victims do not respond.
Related Happenings
Nissan hit by network compromise
Incident
H score48
First: 29.06.2026 23:40
Last: 29.06.2026 23:40
Sources 1
About this happening:
**Nissan** disclosed a **data breach** affecting **current and former employees** after unauthorized access tied to **Oracle PeopleSoft** exploitation put personnel records at ris...
Nissan hit by network compromise
IncidentAbout this happening: **Nissan** disclosed a **data breach** affecting **current and former employees** after unauthorized access tied to **Oracle PeopleSoft** exploitation put personnel records at ris...
Instructure's Canvas hit by data theft breach
Incident
H score65
First: 26.06.2026 11:00
Last: 26.06.2026 11:00
Sources 1
About this happening:
The **Canvas** incident at **Instructure** exposed confidential **course and user data** after **unauthorized activity** and a later access event, affecting about **160 UK higher...
Instructure's Canvas hit by data theft breach
IncidentAbout this happening: The **Canvas** incident at **Instructure** exposed confidential **course and user data** after **unauthorized activity** and a later access event, affecting about **160 UK higher...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
Campaign
H score60
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
CampaignAbout this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
Latest development: 29.06.2026 23:40
Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor Meta
H score21
First: 07.06.2026 17:09
Last: 07.06.2026 17:09
Sources 1
How related:
After the Conti syndicate shut down in 2022, the group shifted to standalone data theft and extortion operations under the Silent Ransom Group branding.
About this happening:
**Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor MetaHow related: After the Conti syndicate shut down in 2022, the group shifted to standalone data theft and extortion operations under the Silent Ransom Group branding.
About this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law Enforcement
H score39
First: 05.05.2026 13:13
Last: 05.05.2026 13:13
Sources 1
About this happening:
**Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law EnforcementAbout this happening: **Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
Timeline
-
29.05.2026 16:00 4 articles · 1mo ago
Silent Ransom Group targets US law firms with IT impersonation and data theft
Initial DisclosureThe FBI warns that Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider and UNC3753, has targeted US-based law firms since 2023 and, by spring 2026, was impersonating IT staff by phone, phishing email and in-person access attempts to obtain remote access, exfiltrate data with WinSCP or hidden or renamed Rclone, and move stolen data to Google Drive or Microsoft OneDrive.
Show sources
- Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems — www.infosecurity-magazine.com — 29.05.2026 16:00
- Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems — www.infosecurity-magazine.com — 29.05.2026 16:00
- Silent Ransom Group targets law firms with fake IT support calls — www.bleepingcomputer.com — 07.06.2026 17:09
- UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign — thehackernews.com — 08.06.2026 10:39