Home Innovation Security The FBI warns law firms about ...

The FBI warns law firms about rising Luna Moth cyber extortion threats

Security

Business Honor
27 May, 2025

Luna Moth hackers get access to law firms' networks and steal data by posing as calls and emails.

The U.S. Federal Bureau of Investigation (FBI) has issued a warning about a dangerous cybercriminal group called Luna Moth that has been targeting law firms for the past two years. This group uses clever tricks, called social engineering, to break into computers and steal sensitive information.

Luna Moth pretends to be from legitimate companies, often sending fake emails about invoices or subscription payments. In order to receive support, victims are asked to call a phone number in these emails. When the victim calls the criminals guide them to install a remote access program. This lets the hackers take control of the victim’s computer without permission.

Once they have access, Luna Moth steals confidential data and then demands money to stop publishing or selling the stolen information. The FBI says the group has changed tactics recently and now calls employees directly, pretending to be from their company’s IT department. They request that the worker participate in a remote access session, stating that critical work must be completed overnight. The hackers utilize genuine remote access programs like AnyDesk or Zoho Assist to evade detection.

These tools are common and trusted so security systems often don’t notice anything suspicious. They also use programs like WinSCP or Rclone to quietly transfer stolen data to outside servers. The FBI advises companies to watch for unusual connections to unknown internet addresses and to be cautious of calls or emails demanding payment or requesting remote access. People should be especially careful about emails asking them to call a number to cancel services or avoid charges.

Cybersecurity experts also warn about fake websites pretending to be official IT helpdesks. Luna Moth has created many such fake sites to trick victims further. Law firms and financial companies should stay alert and educate their staff about these scams to protect their data and systems.