FBI warns extortion hackers are visiting US law firms to steal data
2026-5-27 14:47:51 Author: therecord.media

A cyber extortion group linked to the now-defunct Conti ransomware syndicate is increasingly targeting U.S. law firms through a mix of phishing, fake IT support calls, and even in-person visits to steal sensitive data, according to a new FBI warning.

In a public advisory issued Tuesday, the FBI said the group, known as Silent Ransom Group (SRG), has consistently targeted U.S. law firms since 2023 using social engineering schemes to gain remote access to corporate systems and exfiltrate data.

Also tracked as Luna Moth, Chatty Spider and UNC3753, the group focuses on data theft and extortion rather than encrypting victims' networks. Once data is stolen, the attackers threaten to publish it on their leak site or sell it unless a ransom is paid.

The latest campaign, observed this spring, involves attackers posing as internal IT personnel. Victims receive phone calls or phishing emails urging them to contact what appears to be a company help desk. During those interactions, employees are persuaded to grant remote desktop access to their computers, allowing attackers to move quickly through corporate systems and steal files.

If those efforts fail, the group may send an individual to a victim's office to obtain physical access to a computer, the FBI said. The person may claim they need to create a backup or image a device to address a purported security issue, then use external storage devices to copy data onto hard drives or USB devices.

The bureau said the group's activity can be difficult to detect because it relies heavily on legitimate remote management and system administration tools commonly used by corporate IT departments. Stolen data is often transferred through trusted cloud platforms such as Google Drive and Microsoft OneDrive, allowing malicious activity to blend in with normal business operations.

Silent Ransom Group has been active since at least 2022 and emerged following the collapse of the Conti ransomware syndicate. Earlier versions of its operations relied on phishing emails promoting fake subscription charges, with victims instructed to call a phone number and download remote access software to resolve the issue.

Law firms remain particularly attractive targets because they hold large volumes of sensitive legal, financial, and corporate information, the FBI said. The bureau issued a similar warning about the group's activities in 2025.

Beyond law firms, SRG has also targeted organizations in the healthcare, insurance and financial sectors, according to the FBI.

The agency did not specify how many U.S. law firms were targeted in the latest campaign or whether any of the intrusions were successful.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Article source: https://therecord.media/fbi-warns-hackers-visit-law-firms-to-steal-data