The Federal Bureau of Investigation (FBI) has issued a warning that cyber criminals are resorting to in-person attacks by impersonating IT support staff at companies to gain access to critical computer systems.
Silent Ransom Group Tactics
A hacking collective known as Silent Ransom Group (SRG) has been turning up to offices in the United States pretending to be professional IT workers. After gaining an employee's trust, the impersonator secretly installs malware on their device and steals sensitive files that can later be used to ransom the company.
The FBI noted that SRG has been operating since 2022 but has recently shifted from remote cyber attacks to in-person hacks. The primary targets have been US-based law firms, though the alert warned that the medical and insurance sectors may also be at risk due to the highly sensitive nature of the data they hold.
“The cyber threat actor Silent Ransom Group... is targeting law firms using information technology (IT) themed social engineering calls, then sending an individual posing as an IT support employee to the firm in-person, after which they insert a storage device into a computer to steal sensitive data to extort the victims,” the FBI alert stated.
“Similar to their phishing emails, once SRG exfiltrates data they extort the victim by sending them a ransom email threatening to sell or post the data online.”
Low-Tech Methods in a High-Tech World
The trend illustrates how hackers are resorting to surprisingly low-tech methods to carry out cyber attacks in the face of advanced AI defence systems. Cyber security defenders are adopting artificial intelligence at scale, with Microsoft recently revealing a platform that uses more than 100 AI agents to discover vulnerabilities.
Last month, Anthropic unveiled a “superhuman” AI system called Mythos that can find unpatched vulnerabilities in security tools on an unprecedented scale. The AI startup stated that AI models have now reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.
A new initiative called Project Glasswing has brought together Amazon Web Services, Apple, Google, Linux, Microsoft, Mozilla, Nvidia and other leading tech firms to use Mythos to secure the world’s most critical software.
AI Threats and Defences
Attackers are also increasingly turning to AI to bypass cyber defences, using tools like voice cloning for phishing calls or deepfakes of company executives in professional video calls. AI agents can be adapted to autonomously perform tasks in minutes—such as stealing credentials or deploying malicious payloads—that would typically take high-level attackers hours or even days.
Cyber security professionals warned that implementing advanced AI-powered security systems is not enough to ensure protection. Companies need strong defences throughout their organisation. The latest FBI warning suggests a “basic failure of layered security” among some firms, according to Bogdan Botezatu, senior director of threat research at Bitdefender.
“The ‘low-tech’ nature of the attack is exactly the point. Criminals do not use advanced techniques because they are fashionable; they use whatever works,” he said. “Posing as IT support, walking into an office, plugging in a USB drive and copying files is crude, but it can be very effective if the target has weak physical security, poor employee verification procedures, and no controls around removable media.”
“This campaign is a reminder that cybersecurity is not only about AI, zero-days and malware. Sometimes the breach starts with someone at reception believing a stranger who says they are from IT.”
