Silent Ransom Group Uses DNS Fast Flux in Attacks

SecurityWeek, 08/06/2026, 10:31

Summary

AI-Generated

Key Points:

  • The Silent Ransom Group (SRG) employs a fast flux network to obscure its infrastructure while executing ransomware attacks, primarily targeting law firms and other industries handling sensitive data.
  • The group utilizes voice phishing (vishing) and social engineering tactics to gain remote access, focusing on lateral movement and data exfiltration rather than deploying file-encrypting malware. This has led to significant impacts on the legal industry.
  • Organizations should enhance their email security protocols, train employees to recognize phishing attempts, and monitor for unusual network activity indicative of lateral movement or unauthorized access.

Technical Details: SRG leverages a fast flux technique, rotating DNS records across numerous compromised devices to conceal server locations. The group has been active since at least 2022 and is associated with various malware families like TrickBot and Ursnif.
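
A defender can look for the rotation described above in resolver logs. The following is an added example, not taken from the SecurityWeek article: it flags names that resolve to many addresses spread across many networks with a short TTL. The log layout, the `.example` names, the addresses, the thresholds and the use of /16 prefixes as a stand-in for ASN diversity are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed resolver log lines: epoch_seconds qname answer_ip ttl
SAMPLE_LOG = """\
1000 flux-sample.example 10.11.4.20 120
1000 flux-sample.example 10.57.9.3 120
1130 flux-sample.example 10.92.1.77 120
1130 flux-sample.example 10.140.8.15 120
1260 flux-sample.example 10.203.6.41 120
1260 flux-sample.example 10.11.4.20 120
1000 cdn-sample.example 172.16.5.10 60
1070 cdn-sample.example 172.16.5.11 60
1140 cdn-sample.example 172.16.5.12 60
1210 cdn-sample.example 172.16.5.13 60
1280 cdn-sample.example 172.16.5.14 60
1000 static-sample.example 192.168.7.7 86400
"""

def parse(log):
    """Yield (qname, ip, ttl) from whitespace-separated lines; skip malformed ones."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield parts[1].lower().rstrip("."), ipaddress.ip_address(parts[2]), int(parts[3])
        except ValueError:
            continue

def score_domains(log, min_ips=5, min_nets=4, max_ttl=300):
    """Return {qname: (distinct_ips, distinct_/16_networks, median_ttl, flagged)}."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for qname, ip, ttl in parse(log):
        ips[qname].add(ip)
        ttls[qname].append(ttl)
    result = {}
    for qname, addrs in ips.items():
        # Assumption: no ASN database at hand, so /16 prefixes approximate network diversity.
        nets = {ipaddress.ip_network(f"{a}/16", strict=False) for a in addrs if a.version == 4}
        med = median(ttls[qname])
        flagged = len(addrs) >= min_ips and len(nets) >= min_nets and med <= max_ttl
        result[qname] = (len(addrs), len(nets), med, flagged)
    return result

if __name__ == "__main__":
    for name, stats in sorted(score_domains(SAMPLE_LOG).items()):
        print(name, stats)
```

The CDN-style name in the sample has the same address count and an even shorter TTL but stays within one network, which is why the network-diversity condition is needed to keep ordinary load-balanced services from being flagged.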

MITRE ATT&CK Techniques:

  • T1566 - Phishing (Initial Access)
  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1021.001 - Remote Services: Remote Desktop Protocol (Lateral Movement)
  • T1041 - Exfiltration Over Command and Control Channel (Exfiltration)

IOCs Mentioned:

  • Domains: ep6pheij[.]com, business-data-leaks[.]com
