
SRG hit dozens of US firms using IT‑support impersonation, including in‑person intrusions
Attackers stole data via onsite USB exfiltration, then extorted victims
Group linked to BazarCall, Conti, and Ryuk, with law firms a primary focus
Hackers known as Silent Ransom Group (SRG) have been targeting different businesses in the US, compromising “dozens” between January and May 2026, experts have warned.
Cybersecurity researchers at Google Mandiant and Google Threat Intelligence Group (GTIG) have echoed warnings shared by the FBI, noting how the hackers, also known as Chatty Spider, Luna Moth, or UNC3753, targeted primarily firms in professional, legal, and financial services.
Their tactic is simple: impersonate the IT department, trick victims into granting access to their computers, then use that access either to deploy infostealers or to steal files on the spot.
Walking into offices
In some cases, the hackers would call their victims on the phone and pretend to be IT support, similar to what ShinyHunters used to do last year. However, SRG took the scam to a whole new level by having its members walk into their targets’ offices in person and use the computers on the spot.
"By sending someone in-person to the victim's location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim's computer," the FBI said at the time.
Once they steal the data, the attackers begin ransom negotiations, offering to delete the files in exchange for payment. Victims are usually warned that the data will be leaked publicly if they refuse to comply, and a dedicated website is set up for that purpose as well.
SRG was first seen in 2022, and while it has struck organizations in different industries, it focuses primarily on law firms in the US. Some sources said the group was previously linked to BazarCall campaigns, as well as Conti and Ryuk ransomware incidents.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
View original source — TechRadar ↗
