Threat intelligence firm Resecurity has released details regarding the latest activities of the Silent Ransom Group (SRG), a notorious cyber extortion group that’s been active since 2022. According to Resecurity’s cyber threat intelligence team, the hackers have built a hidden setup to keep their data leak websites online and evade law enforcement.

As per their investigation, the group uses a trick called fast flux to stay hidden. This technique links their websites to a rotating network of normal home internet connections, modems, and routers across 18 countries, including Mexico, Brazil, Argentina, and South Korea. Since the internet addresses change every few minutes, it is very hard for internet providers to shut down the infrastructure.

This specific technique has caught the attention of global authorities. Hackread.com previously reported on a joint advisory by international agencies, including the NSA, CISA, and the FBI, which declared fast flux a national security threat being used by both scammers and state-sponsored hackers to conceal malicious servers.

Researchers noted that the group focuses heavily on top law firms, mainly because these firms hold highly confidential client information, such as ongoing lawsuits and intellectual property. That makes them prime targets, as the hackers believe they may pay a ransom quickly to protect their reputation and avoid legal consequences. In the first three months of 2026, law firms made up nearly a quarter of all tracked hacking incidents.

Another unique aspect is that SRG doesn’t use conventional ransomware to lock computer systems. They focus entirely on data theft and extortion, threatening to release the files on a public website called business-data-leaks.com if victims refuse to pay.

They also branded themselves as LeakedData until December 2024, a public name they still use on the platform today. As of the start of June 2026, researchers found that the site listed close to 100 victim companies.

The group uses several clever ways to infiltrate networks. They often trick workers through vishing (voice phishing) or social engineering attacks, in which they phone employees while posing as IT support personnel and convince them to grant access to internal systems. Alternatively, they can send hired operatives to law firm offices, pretending to be tech support staff to bypass physical security and steal data directly from local computers. At least 38 law firms have had data leaked because of these tactics.

Hackread.com previously covered this group in November 2023, when an FBI advisory warned that SRG was targeting casino vendors and using callback phishing to trick victims into downloading malicious tools. Later, in May 2025, we reported the group’s sudden but calculated shift towards law firms, calling workers directly to get them to install remote access software.

In this research, shared exclusively with Hackread.com, Resecurity reveals that the group’s setup relies heavily on consumer internet service providers (ISPs) rather than data centres.

“22 unique ISPs across 24 IPs, nearly every IP is on a different internet service provider. This is… the definitive fingerprint of a botnet drawing from infected devices worldwide. This is a professional-grade fast-flux botnet, not an amateur setup. The operator controls at least 24 compromised hosts and uses them to hide their infrastructure behind rotating residential IPs,” researchers explained in the blog post.
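The traits described above (many IPs, almost one ISP per IP, consumer networks, rotation every few minutes) can be checked in resolver or passive-DNS data. The following Python heuristic is an added example, not Resecurity's code; the record fields, hostnames, ASN values and thresholds are constructed assumptions, and the IP-to-ASN enrichment is assumed to come from an offline lookup.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Answer:
    ts: int            # seconds since capture start
    qname: str
    ip: str
    ttl: int
    asn: int           # from offline IP-to-ASN enrichment (assumed available)
    residential: bool  # consumer-ISP flag from the same enrichment

def sample_answers():
    rows = []  # constructed passive-DNS rows: documentation IPs, private-use ASNs
    for i in range(4):  # four resolutions, five minutes apart
        for n in range(i * 3, i * 3 + 3):
            # Fluxing name: every answer is a new IP on a different consumer ISP.
            rows.append(Answer(i * 300, "leak-site.example", f"198.51.100.{n + 1}", 300, 64512 + n, True))
        for j in range(2):
            # Stable name: the same two hosted IPs in one ASN on every lookup.
            rows.append(Answer(i * 300, "cdn-site.example", f"203.0.113.{j + 1}", 300, 65000, False))
    return rows

def flux_profile(answers, qname):
    rows = [a for a in answers if a.qname == qname]
    ips = {a.ip for a in rows}
    by_ts = defaultdict(set)
    for a in rows:
        by_ts[a.ts].add(a.ip)
    snaps = [by_ts[t] for t in sorted(by_ts)]
    # Share of each answer set that was absent from the previous one.
    churn = [len(cur - prev) / len(cur) for prev, cur in zip(snaps, snaps[1:])]
    return {
        "ips": len(ips),
        "asns": len({a.asn for a in rows}),
        "residential_share": len({a.ip for a in rows if a.residential}) / len(ips),
        "max_ttl": max(a.ttl for a in rows),
        "mean_churn": sum(churn) / len(churn) if churn else 0.0,
    }

def is_fast_flux(p, min_ips=5, min_asn_ratio=0.8, max_ttl=600, min_churn=0.5):
    # Thresholds are illustrative assumptions; tune them on your own resolver data.
    return (p["ips"] >= min_ips and p["asns"] / p["ips"] >= min_asn_ratio
            and p["max_ttl"] <= max_ttl and p["mean_churn"] >= min_churn
            and p["residential_share"] >= 0.8)

if __name__ == "__main__":
    for name in ("leak-site.example", "cdn-site.example"):
        print(name, is_fast_flux(flux_profile(sample_answers(), name)))
```

Requiring ASN diversity and residential share together with churn keeps ordinary load-balanced or CDN-hosted names, which also rotate answers, from being flagged on rotation alone.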

A recent analysis also linked them to a new project that emerged in May 2026 called Spy Corporate, which uses the same network of broken home routers to run another leak site. Resecurity is sharing this data so internet providers can block these connections.

SRG’s latest activity shows why this group remains a serious problem for legal organizations. It is not only stealing data, but it is also building infrastructure that is harder to remove and using human contact, fake IT support, and remote access tools to get inside firms that hold sensitive client records.

Additionally, blocking a single website or IP address will not solve that problem. Law firms need stricter checks for support requests, tighter remote access controls, staff who know how to spot phone-based scams, and a clear way to report suspicious contact before files leave the network.
