THE Mandiant report documents a targeted extortion campaign by the threat cluster UNC3753 targeting US law firms and professional services from January to May 2026. The group employs techniques such as voice phishing and social engineering to gain remote access, often posing as IT support. After infiltrating systems, they exfiltrate sensitive data for financial gain, using methods like screen-sharing software and cloud storage.
They threaten victims with aggressive ransom communications, emphasizing potential reputational damage and legal consequences. Recommendations for prevention include user education, strict access controls, and monitoring for suspicious activity.