A recently identified ransomware group, known as Silent Ransom, has been targeting law firms in the US, leveraging DNS fast flux techniques to conceal its command and control (C2) infrastructure. This approach enables the group to rapidly change the IP addresses associated with its domains, making it challenging for security teams to track and disrupt their operations. By utilizing fast flux, Silent Ransom can maintain a high level of anonymity, increasing the difficulty of attributing the attacks to the group. The use of this tactic allows the group to stay under the radar, prolonging the time available to exfiltrate sensitive data and demand ransom payments1. This matters to security practitioners because understanding the tactics, techniques, and procedures (TTPs) employed by Silent Ransom can inform the development of more effective defense strategies against similar threats.
Silent Ransom Group Uses DNS Fast Flux in Attacks
⚡ High Priority
Why This Matters
Focusing on hacking law firms in the US, the ransomware group relies on fast flux to hide its C&C infrastructure.
References
- SecurityWeek. (2026, June 8). Silent Ransom Group Uses DNS Fast Flux in Attacks. *SecurityWeek*. https://www.securityweek.com/silent-ransom-group-uses-dns-fast-flux-in-attacks/
Original Source
SecurityWeek
Read original →