ZeroFox Intelligence Flash Report - Threat Collective Conducting In-person Data Theft

Product Serial: F-2026-06-01a

TLP:CLEAR

In this Flash Report, ZeroFox researchers report on the ransomware and digital extortion (R&DE) Silent Ransom Group (SRG) collective utilizing in-person data theft, in addition to routine social engineering techniques such as phishing emails or phone calls.

Standing Intelligence Requirements

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Link to Download

View the full report here

Key Findings

On May 26, 2026, the Federal Bureau of Investigation (FBI) issued a report highlighting that the ransomware and digital extortion (R&DE) collective Silent Ransom Group (SRG) is conducting physical security breaches against victim infrastructure, in addition to routine social engineering techniques such as phishing emails or phone calls.
This is the first observed example of an R&DE collective that has visited a target organization in person to gain physical access to its systems. It demonstrates an added threat that will likely inspire other R&DE collectives.
In December 2024, ZeroFox identified a leak site called "LeakedData" (hosted at hXXp://business-data-leaks[.]com), which is almost certainly SRG’s official leak site, given the victims listed on this site majorly overlap with the entities targeted in SRG’s recent in-person data theft campaign.
Although physical intrusion operations require greater resources and carry higher operational risks than traditional cyberattacks, the success of such campaigns is likely to form a blueprint for other R&DE operations against high-value targets.