Washington, D.C. — May 23, 2025 — The Federal Bureau of Investigation (FBI) has issued a Private Industry Notification alerting law firms to a surge in cyberattacks orchestrated by the Silent Ransom Group (SRG), also known as Luna Moth. This threat actor employs a tactic known as "callback phishing" to infiltrate legal organizations, aiming to exfiltrate sensitive data and extort victims.
In these attacks, SRG sends deceptive emails to law firm employees, often posing as representatives from trusted organizations. The emails prompt recipients to call a provided phone number to resolve a fabricated issue, such as a pending charge. Once on the call, attackers use social engineering techniques to persuade victims to install legitimate remote management tools like AnyDesk or TeamViewer. These tools grant the attackers unauthorized access to the firm's network, allowing them to escalate privileges, exfiltrate data, and deploy ransomware.
The FBI emphasizes that callback phishing is particularly dangerous due to its low detection rate and cost-effectiveness. Law firms, which handle vast amounts of confidential client information, are especially attractive targets for such cybercriminal activities.
Recommended Mitigations:
Train staff to recognize and resist phishing attempts
Develop and clearly communicate internal IT authentication policies
Maintain regular, secure backups of company data
Implement two-factor authentication (2FA) for all employee accounts
Practice basic cyber hygiene such as using strong passwords, enabling multifactor authentication, remaining alert to suspicious activity, and ensuring antivirus software is installed and up to date
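The notice's attack chain ends with a victim launching AnyDesk or TeamViewer at a caller's request, so one concrete detection the mitigations above imply is an allowlist check on remote-management tool launches in endpoint process-creation telemetry. The following script is an added example, not code from the FBI notice or from the MSP: it parses a constructed log format (one ISO timestamp plus key="value" pairs per process start; real Sysmon or EDR records differ), matches the executable against the two tools the notice names (the binary names are assumptions based on the vendors' usual installer naming), treats a placeholder approved install path as the firm's sanctioned tool, and raises severity when the binary runs from a user-writable folder such as Downloads or AppData, which is where a user-driven install typically lands.

```python
"""Flag remote-management tool launches that are not on the firm's allowlist."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Tools named in the FBI notice. The executable names are assumptions based on
# the vendors' common installer naming, not values taken from the notice.
REMOTE_ACCESS_TOOLS = {
    "anydesk.exe": "AnyDesk",
    "teamviewer.exe": "TeamViewer",
    "teamviewer_service.exe": "TeamViewer",
}

# Hypothetical allowlist: the one tool the MSP deploys, accepted only from the
# folder the MSP installs it to. Both the tool and the path are placeholders.
APPROVED_INSTALLS = {
    "teamviewer.exe": r"c:\program files\teamviewer",
    "teamviewer_service.exe": r"c:\program files\teamviewer",
}

# User-writable locations where a victim following a caller's instructions
# would usually save a downloaded installer (heuristic, an assumption).
USER_WRITABLE_HINTS = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\desktop\\")

# Constructed process-creation records for this example.
SAMPLE_LOG = [
    '2025-05-23T14:02:11Z host="WS-LEGAL-07" user="jdoe" '
    'image="C:\\Users\\jdoe\\Downloads\\AnyDesk.exe" '
    'parent="C:\\Program Files\\Mozilla Firefox\\firefox.exe"',
    '2025-05-23T14:05:40Z host="WS-LEGAL-07" user="jdoe" '
    'image="C:\\Windows\\System32\\notepad.exe" parent="C:\\Windows\\explorer.exe"',
    '2025-05-23T09:15:02Z host="WS-LEGAL-12" user="SYSTEM" '
    'image="C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe" '
    'parent="C:\\Windows\\System32\\services.exe"',
    '2025-05-23T16:48:19Z host="WS-LEGAL-03" user="asmith" '
    'image="C:\\Users\\asmith\\AppData\\Local\\Temp\\TeamViewer.exe" '
    'parent="C:\\Windows\\explorer.exe"',
]

EVENT_RE = re.compile(r'(\w+)="([^"]*)"')


@dataclass
class Finding:
    timestamp: str
    host: str
    user: str
    tool: str
    image: str
    severity: str  # "info" for approved launches, "medium"/"high" otherwise
    reason: str


def parse_event(line: str) -> dict:
    """Split one constructed record into its timestamp and key/value fields."""
    timestamp, _, rest = line.strip().partition(" ")
    fields = dict(EVENT_RE.findall(rest))
    fields["timestamp"] = timestamp
    return fields


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding for a remote-access tool launch, or None for anything else."""
    image = event.get("image", "")
    path = PureWindowsPath(image)
    exe = path.name.lower()
    tool = REMOTE_ACCESS_TOOLS.get(exe)
    if tool is None:
        return None
    folder = str(path.parent).lower()
    approved_folder = APPROVED_INSTALLS.get(exe)
    common = dict(timestamp=event["timestamp"], host=event.get("host", "?"),
                  user=event.get("user", "?"), tool=tool, image=image)
    if approved_folder and folder.startswith(approved_folder):
        return Finding(**common, severity="info",
                       reason="approved tool launched from its approved install path")
    in_user_dir = any(hint in image.lower() for hint in USER_WRITABLE_HINTS)
    if in_user_dir:
        return Finding(**common, severity="high",
                       reason="unapproved remote-access tool launched from a user-writable path")
    return Finding(**common, severity="medium",
                   reason="unapproved remote-access tool launched")


def scan(lines) -> list:
    """Classify every record, keeping log order; non-tool launches are dropped."""
    return [f for f in (classify(parse_event(l)) for l in lines) if f is not None]


def alerts(lines) -> list:
    """Only the findings an analyst should act on (everything except approved launches)."""
    return [f for f in scan(lines) if f.severity != "info"]


if __name__ == "__main__":
    for f in alerts(SAMPLE_LOG):
        print(f"{f.timestamp} {f.host} {f.user} [{f.severity}] {f.tool}: {f.reason} ({f.image})")
```

Run as-is, the script reports the AnyDesk launch from a Downloads folder and the TeamViewer launch from a Temp folder as high-severity, and stays quiet about the sanctioned service starting from its install path. In practice the allowlist belongs in the application-control policy itself so the launch is blocked rather than only logged; this check is the detection layer that confirms the policy is holding and surfaces the attempt for the IT verification process described in the notice.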
How Your MSP Can Help Safeguard Your Firm
As your trusted Managed Service Provider, we implement and manage every layer of protection recommended by the FBI to reduce your firm’s exposure to threats like SRG. We use enterprise-grade tools to enforce strict application control policies that prevent unauthorized software from running. We deliver continuous employee security awareness training, create clear internal processes for IT verification, and deploy enterprise-grade endpoint protection to catch threats before they spread. Our team also manages encrypted, versioned backups offsite, and enforces 2FA across all access points to your firm’s network and cloud services. With our proactive approach to cyber hygiene and threat monitoring, your law firm can stay compliant, secure, and focused on client work — not crisis response.
Law firms are urged to remain vigilant and report any suspicious activities to the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov.