FBI Warns Law Firms of Luna Moth’s Stealthy Phishing Campaign

May 27, 2025
Data Breach / Social Engineering

The FBI has issued a warning regarding a series of social engineering attacks targeting law firms, attributed to a criminal group known as Luna Moth. This campaign has been ongoing for the past two years, utilizing IT-themed social engineering calls and callback phishing emails to gain remote access to devices and steal sensitive information for extortion purposes. Also referred to as Chatty Spider, Silent Ransom Group (SRG), Storm-0252, and UNC3753, Luna Moth has been active since at least 2022, primarily employing a tactic called callback phishing, or Telephone-Oriented Attack Delivery (TOAD), to deceive users into calling phone numbers found in seemingly innocuous phishing emails related to invoices and subscription payments. Notably, Luna Moth is the same hacking group responsible for the previous BazarCall campaigns that deployed ransomware such as Conti.

FBI Warns Law Firms of Luna Moth’s Covert Phishing Operations

The Federal Bureau of Investigation (FBI) has issued a significant alert regarding a series of sophisticated social engineering attacks orchestrated by a criminal group known as Luna Moth. This group has specifically targeted law firms over the past two years, utilizing a range of techniques designed to infiltrate sensitive systems and extract confidential information. According to the FBI’s advisory, the attackers employ IT-themed phone calls alongside callback phishing emails. These tactics are aimed at tricking victims into unwittingly granting the hackers remote access to their devices, ultimately enabling the theft of crucial data.

Active since at least 2022, Luna Moth—also known by names such as Chatty Spider, Silent Ransom Group (SRG), Storm-0252, and UNC3753—has honed its approach by executing a method known as callback phishing. This technique often involves the delivery of phishing emails that appear innocuous and are related to legitimate business activities like invoices or subscription payments. Victims may receive these seemingly benign messages and, upon seeing a listed phone number, unknowingly initiate a call that enables attackers to compromise their systems.
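A mail-triage heuristic for the lure pattern described above (billing-themed text plus a phone number the reader is pushed to call), added here as an illustration and not taken from the FBI advisory or this article. The keyword lists, the North American number format, the 80-character window, and all function names and sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string, policy

# Billing lures named in the article: invoices and subscription payments.
THEME = re.compile(r"\b(invoice|subscription|renew(?:al|ed)?|payment|charged?)\b", re.I)
# North American style numbers only (assumption); extend for other formats.
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
# Wording that pushes the reader to phone someone (assumed list).
CALL = re.compile(r"\b(call|dial|phone|contact)\b", re.I)
WINDOW = 80  # characters before a number searched for a call-to-action word

def callback_phish_indicators(raw):
    """Return the callback-phishing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = str(msg.get("Subject", "")) + "\n" + body
    hits = []
    if THEME.search(text):
        hits.append("billing_theme")
    numbers = list(PHONE.finditer(text))
    if numbers:
        hits.append("phone_number")
    # A number alone is common in signatures; require urging language close to it.
    if any(CALL.search(text[max(0, m.start() - WINDOW):m.start()]) for m in numbers):
        hits.append("call_to_action")
    return hits

def is_callback_phish_suspect(raw):
    """Flag for analyst review only when all three indicators co-occur."""
    return len(callback_phish_indicators(raw)) == 3

# Constructed samples (fictional senders, 555-01xx numbers).
SAMPLE_LURE = (
    "From: billing@example.invalid\n"
    "Subject: Invoice #A-1029: your subscription has been renewed\n\n"
    "Your annual subscription was renewed and $349.99 will be charged today.\n"
    "If you did not authorize this, call our billing desk at (800) 555-0142\n"
    "within 24 hours to cancel.\n"
)
SAMPLE_BENIGN = (
    "From: dana@example.invalid\n"
    "Subject: Team lunch moved\n\n"
    "Team lunch is moved to Thursday. Questions? Ping me on chat.\n"
    "-- \nDana, 212-555-0117\n"
)

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, callback_phish_indicators(raw), is_callback_phish_suspect(raw))
```

A match is a reason to route the message for review or to banner it with a reminder to verify vendor numbers through a known-good channel; it is not a verdict on its own.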

This hacking group’s reputation is built on previous operations, including the notable BazarCall campaigns, which were linked to deploying ransomware variants such as Conti. The emergence of this new wave of attacks indicates an evolution in their tactics, with a heightened focus on the legal sector, which typically handles sensitive client information.

The primary victims of this campaign have been various law firms across the United States, reflecting a broader trend of increased targeting of professional services by cybercriminals. The implications of such breaches can be severe, not just for the immediate victims, but also for the clients they serve, highlighting the need for heightened vigilance in cybersecurity practices within the legal industry.

In the context of the MITRE ATT&CK framework, several adversary tactics and techniques may have been employed by Luna Moth during these attacks. Initial access could have been achieved through the deceptive email correspondence, leading to the subsequent phases of persistence and potential privilege escalation once internal systems are compromised. This structured approach signifies a calculated strategy, aimed at maximizing the attackers’ potential benefits from stolen data.

Law firms must remain proactive in bolstering their cybersecurity defenses, as the tactics employed by Luna Moth illustrate a growing trend in cyber threats targeting high-value organizations. By understanding the techniques outlined by the MITRE ATT&CK framework, business owners can better assess their vulnerabilities and develop strategies to mitigate the risk of such stealthy and damaging campaigns in the future. The FBI’s warning serves as a critical reminder that cybersecurity vigilance is essential in today’s increasingly treacherous digital landscape.
