THE active UNC3753 vishing campaign targets US law firms and financial services, utilizing social engineering and remote access tools to steal sensitive data. The attackers initiate the scheme with generic invoice emails to establish trust, followed by phone calls from impostors posing as IT personnel. Victims are persuaded to start screen-sharing sessions where attackers install remote management software for data extraction.
The campaign has demonstrated quick data theft and extortion tactics, warning victims of regulatory repercussions if they do not comply. Organizations are advised to train staff in verifying IT requests and monitor for unusual activities to mitigate risks.