Summary
Key Points:
- The Silent Ransom Group (SRG) employs a fast flux network to obscure its infrastructure while executing ransomware attacks, primarily targeting law firms and other industries handling sensitive data.
- The group utilizes voice phishing (vishing) and social engineering tactics to gain remote access, focusing on lateral movement and data exfiltration rather than deploying file-encrypting malware. This has led to significant impacts on the legal industry.
- Organizations should enhance their email security protocols, train employees to recognize phishing attempts, and monitor for unusual network activity indicative of lateral movement or unauthorized access.
Technical Details: SRG leverages a fast flux technique, rotating DNS records across numerous compromised devices to conceal server locations. They have been active since at least 2022 and are associated with various malware families like TrickBot and Ursnif.
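As an added illustration of the fast flux behaviour described above (example code written for this summary, not from the original report), the following Python scores domains seen in passive DNS records by how many distinct IPs and /16 networks their A records rotate through and how short the TTLs are; the thresholds, the log format and every IP, TTL and domain name in the sample are constructed assumptions.

```python
"""Flag fast-flux-like domains in passive DNS records.

Added example, not from the original report. The heuristic (many distinct IPs across
many /16 networks with short TTLs) and the thresholds are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass
class FluxStats:
    distinct_ips: int
    distinct_prefixes: int
    mean_ttl: float
    flagged: bool


# Constructed sample lines in the form "<epoch> <qname> A <ip> <ttl>".
# Domains and addresses are placeholders (RFC 5737 documentation ranges), not real IOCs.
SAMPLE_RECORDS = """\
1700000000 flux-candidate.example A 203.0.113.10 60
1700000060 flux-candidate.example A 198.51.100.77 60
1700000120 flux-candidate.example A 192.0.2.5 30
1700000180 flux-candidate.example A 203.0.113.200 60
1700000240 flux-candidate.example A 198.51.100.9 30
1700000300 flux-candidate.example A 192.0.2.140 60
1700000000 steady.example A 203.0.113.250 86400
1700043200 steady.example A 203.0.113.250 86400
malformed line that the parser skips
"""


def parse_records(text):
    """Yield (qname, ip, ttl) for well-formed A records; silently skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "A":
            continue
        _, qname, _, ip, ttl = parts
        try:
            yield qname.lower(), ip_address(ip), int(ttl)
        except ValueError:
            continue


def flux_stats(text, min_ips=5, min_prefixes=3, max_ttl=300):
    """Return {qname: FluxStats}; a domain is flagged when all three thresholds are met."""
    per_domain = defaultdict(list)
    for qname, ip, ttl in parse_records(text):
        per_domain[qname].append((ip, ttl))
    result = {}
    for qname, rows in per_domain.items():
        ips = {ip for ip, _ in rows}
        # /16 for IPv4, /32 for IPv6: a crude proxy for "different networks".
        prefixes = {ip.packed[:2] if ip.version == 4 else ip.packed[:4] for ip in ips}
        mean_ttl = sum(ttl for _, ttl in rows) / len(rows)
        flagged = len(ips) >= min_ips and len(prefixes) >= min_prefixes and mean_ttl <= max_ttl
        result[qname] = FluxStats(len(ips), len(prefixes), mean_ttl, flagged)
    return result
```

Fed real passive DNS or resolver logs, the same per-domain statistics are a cheap first filter before pivoting on the flagged names in threat intelligence.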
MITRE ATT&CK Techniques:
- T1566 - Phishing (Initial Access)
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
- T1021.001 - Remote Services: Remote Desktop Protocol (Lateral Movement)
- T1041 - Exfiltration Over Command and Control Channel (Exfiltration)
IOCs Mentioned:
- Domains: ep6pheij[.]com, business-data-leaks[.]com