
Silent Ransom Group Uses DNS Fast Flux in Attacks

securityweek.com | 2026-06-08 | malicious AI use | High

What Happened

Focusing on hacking law firms in the US, the ransomware group relies on fast flux to hide its C&C infrastructure.

Why It Matters

The article describes the Silent Ransom Group (SRG), a data-theft and extortion operation targeting primarily U.S. law firms, which uses DNS fast flux networks of compromised IoT and customer-premises devices to hide and harden its command-and-control and data leak infrastructure.[2][3] Fast flux rapidly rotates DNS records and IPs, often across many countries and ISPs, making takedown, tracking, and blocking significantly harder for defenders.[3][4][7] From a CyberSE.AI perspective, these same resilient, flux-based C2 and exfiltration techniques can be used to manage AI-powered extortion tooling, support automated phishing and social engineering for initial access, and maintain robust channels for data theft against AI-enabled organizations. Security teams should assume that such infrastructure can underpin adversarial AI workflows and therefore incorporate DNS-behavior analytics, fast-flux detection, and continuous red teaming against AI-driven phishing and data-exfiltration paths into their defenses.
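
A minimal sketch of the fast-flux detection mentioned above, added here as an example and not taken from the SecurityWeek article or from CyberSE tooling. It scores each domain in a window of DNS answers by distinct IPs, distinct networks, and median TTL; the domain names, the 10.x addresses, the /16 grouping, and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed sample of DNS answers: (epoch_s, qname, A-record IP, TTL).
# All names and addresses are made up; private 10.x addresses stand in for
# the public IPs that resolver or passive-DNS logs would hold.
SAMPLE_LOG = (
    [(t * 600, "intranet.example.org", "10.20.0.5", 3600) for t in range(3)]
    # CDN-like: many IPs, short TTL, but all in one network.
    + [(t * 60, "static.cdn-like.example", f"10.30.0.{t + 1}", 60) for t in range(6)]
    # Flux-like: short TTL and every answer in a different network.
    + [(t * 120, "update.flux-like.example", ip, 120) for t, ip in enumerate(
        ["10.41.7.9", "10.52.3.1", "10.63.200.4", "10.74.1.1", "10.85.9.9", "10.96.2.2"])]
)


def flux_features(records):
    """Per-domain counts for one observation window of DNS answers."""
    acc = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for _ts, name, ip, ttl in records:
        entry = acc[name.lower().rstrip(".")]
        entry["ips"].add(ipaddress.ip_address(ip))
        # Assumption: a /16 prefix approximates "different network"; production
        # use would map each IP to its ASN and country instead.
        entry["nets"].add(ipaddress.ip_network(f"{ip}/16", strict=False))
        entry["ttls"].append(ttl)
    return {name: {"ips": len(e["ips"]), "nets": len(e["nets"]),
                   "median_ttl": median(e["ttls"])} for name, e in acc.items()}


def flag_fast_flux(records, min_ips=5, min_nets=4, max_ttl=300):
    """Return domains whose answers rotate across many networks with short TTLs.

    Thresholds are illustrative assumptions, to be tuned on local traffic.
    """
    return sorted(name for name, f in flux_features(records).items()
                  if f["ips"] >= min_ips and f["nets"] >= min_nets
                  and f["median_ttl"] <= max_ttl)


if __name__ == "__main__":
    for name, feats in sorted(flux_features(SAMPLE_LOG).items()):
        print(name, feats)
    print("flagged:", flag_fast_flux(SAMPLE_LOG))
```

The network-diversity condition is what keeps the CDN-like domain out of the result even though it also rotates IPs on a short TTL.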

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to malicious AI use. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://www.securityweek.com/silent-ransom-group-uses-dns-fast-flux-in-attacks/
