A financially motivated threat group, identified as UNC3753 or the Silent Ransom group, is targeting US law firms, professional services, and financial organizations in a severe data theft and extortion campaign. Utilizing a blend of social engineering tactics, including vishing, and impersonation of IT staff, the group aims to secure access to sensitive data.
Between January and May 2026, UNC3753 executed numerous attacks, leveraging benign-looking emails to instigate phone conversations that led to screen-sharing sessions. Once inside the victim’s network, the attackers swiftly exfiltrate important data, often demanding ransom shortly after. Recommendations for organizations include user education on vishing and strengthening remote access controls.