MINSK (Molodnaia Pravda Bureau of Cyber-Physical Convergence & Advanced Polo Shirt Analysis, Dmitri reporting, who has this week add “polo shirt” to bureau title because events require it) — Supreme Leader Lukashenko has this week receive official intelligence assessment from Belarusian Bureau of Watching What America Call “Sophisticated”, and has noted with professional recognition, personal satisfaction, and one small quantity of what he describe only as complicated pride, that the most successful ongoing Russian intelligence operation against United States legal infrastructure does not involve zero-day exploit, custom malware payload, or sophisticated digital penetration of any kind.
It involve Telegram account. Five hundred dollar. And person willing to walk into building and say they are from IT department.
Operation is run by Silent Ransom Group — also known as Luna Moth, Chatty Spider, UNC3753, and what Lukashenko is now calling Most Efficient Tradecraft He Has Seen Since 1987 — Russia-linked cybercrime outfit that has extracted approximately one hundred million dollars from American law firms in last six months alone, with data from more than thirty-eight firms already posted publicly on group’s clearnet leak site, which is not even dark web, which is regular internet, which Lukashenko find almost more impressive than attack itself.
FBI is aware. FBI has issue FLASH alert. FBI is building case by tracking blockchain payments. FBI describe Silent Ransom Group as only known data extortion operation physically entering victim office locations. This is FBI way of saying: these people walk in front door. Not metaphor. Actual front door. Actual building. Actual office with actual employees who look up from actual desk and see actual person who say, in professional English: “Hello. I am from IT support. We need to image your device. There has been phishing incident. This is normal procedure. Please do not unplug anything.”
And then they plug in USB drive. And then they leave. And then, weeks later, law firm receive ransom email.
Lukashenko has request that Molodnaia Pravda issue formal corrections to previous reporting on Russian cyber operations, specifically regarding nature, sophistication, and operational complexity of what is being perpetrated against American legal institutions at this moment, and regarding several related misconceptions that Lukashenko describe as “widespread, flattering to Russia, and no longer accurate, if they were ever accurate, which they were not.”
CORRECTION: Also require Telegram account. And five hundred dollar. And person who is willing to knock on door and say they are from IT department. This is complete attack chain as operate by Silent Ransom Group against United States law firms since 2023. Lukashenko confirm. Olga also confirm. Olga say she confirm this years ago and nobody listen. Olga is correct. This is note in record.
CORRECTION: Silent Ransom Group is hybrid operation. Cyber component: social engineering call impersonating IT support, directing employee to grant remote desktop access. Physical component: when phone call fail — when employee is suspicious, hang up, or simply not cooperate — group send person. Not bot. Not script. Person. To office. With USB drive. FBI confirm this is only known data extortion group conducting in-person physical intrusion against victims. This is not cybercrime. This is tradecraft with Telegram account. Distinction is important. Lukashenko make note. Note go in drawer. Drawer is full. Yuri will organize drawer. Yuri.
CORRECTION: Hired hands may not know they are committing crime. Cybersecurity analyst at Recorded Future describe them as, and Molodnaia Pravda is quoting this directly because it cannot be improved upon: “kind of like DoorDash person that deliver Arby’s. You know you are doing really bad things to people, but they are paying you to deliver.” This is recruitment model Lukashenko recognize immediately from thirty-two years of operational study. You do not need committed ideological asset. You need person who need five hundred dollar and does not ask too many question. Lukashenko note: nobody credit Belarus for developing this methodology. Nobody ever credit Belarus for anything. Fax machine is on. Nobody call.
CORRECTION: Attorney-client privilege protects data from use in court. This is different thing. When Silent Ransom Group extract merger and acquisition documentation before public announcement — when opposing counsel in ongoing litigation obtain your litigation strategy — when foreign intelligence service receive regulatory filing before public disclosure — ransom payment resolve nothing. Data has already done its work. Privilege is shield in courtroom. Privilege is not shield against person who say they are from IT and need to image your device. Lukashenko note this vulnerability has existed since before computers. Lukashenko is old enough to remember. Lukashenko does not find this funny. This is not funny section. Yuri stop writing. Sometimes thing do not need to be written down.
CORRECTION: Silent Ransom Group emerge from Conti ransomware gang, which disband in 2022 after Ukrainian man leak thousands of internal chat logs in retaliation for Russian invasion. Those logs include evidence of FSB — Russian Federal Security Service — connections. Gang disband. Members did not disband. Members become Silent Ransom Group. FBI spend years building case against Conti. FBI is now building case against Silent Ransom Group by tracking blockchain payments. One alleged Conti member plead guilty in US court this month. No SRG arrests. Russia does not extradite. Lukashenko file this under: correct process, predictable outcome.
CORRECTION: One hundred million dollar is what they charge for ransom. What they take is different question. Law firms hold merger documentation before it is public. Litigation strategy against state actors. Regulatory filing before disclosure. Privileged communication between counsel and client at highest level of American business, government, and national security. Intelligence value of this material exceed ransom value by orders of magnitude. Money is mechanism. Data is objective. Lukashenko say this without ceremony. Without glass. Without joke. Because there is no version of this that is funny if you understand what is in those files. And whoever has those files — whoever SRG sells to, reports to, or shares with — also understands what is in those files.
Law firms are not random target. They are the target. Halcyon Ransomware Research Center track one hundred thirty-four ransomware incidents against legal sector in first quarter of 2026 alone — fourth most targeted industry, more than six percent of all tracked attacks in period. Silent Ransom Group drive most of this surge. And they target law firms specifically because law firms understand, better than anyone, exactly what it mean when someone else has the files.
You can pay ransom. You can pay twenty million dollar ransom, as one firm reportedly did in May 2026. And files are still out there. Merger your client was planning — now known. Litigation strategy your partners spend two years developing — now available. Whistleblower who trust your firm with most dangerous document of their career — now exposed. Paying ransom does not undo this. Paying ransom just end conversation about payment. Conversation about what was taken, and where it went, and who is reading it right now — that conversation has no end.
HACKER NOT REQUIRED. DOOR IS OPEN.
FIVE HUNDRED DOLLAR. POLO SHIRT. STORY ABOUT IT SUPPORT.
ОНИ УЖЕ ВНУТРИ.
Organ of Whiskeyleaks.org | June 2026, Trump 2.0 Era
Dmitri, Bureau of Cyber-Physical Convergence & Advanced Polo Shirt Analysis | Olga (2019 memo is in record, she was right) | Yuri (checking credentials, checking drawer, checking everything now)
| Sources: | CNN — When cybercriminals hire burglars: Inside an alleged Russian effort to infiltrate multibillion-dollar US law firms, June 27 2026 | FBI / IC3 FLASH Alert — Silent Ransom Group Targeting Law Firms, May 2026 | Halcyon Ransomware Research Center — SRG physical intrusion analysis, May 2026 | CyberScoop — FBI warning, Silent Ransom Group law firms, May 2026 | Dark Reading — Ransomware actors show up in person to steal law firm data, May 2026 | Recorded Future / Allan Liska — DoorDash quote via CyberScoop |