HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Silent Ransom Group Deploys Fake IT Support Calls and Physical Impersonation to Extort U.S. Law Firms

The FBI alerts that Silent Ransom Group is using phishing, spoofed IT support phone calls, and on‑site impersonation to steal data from U.S. law firms for ransomware extortion. The tactics bypass technical controls, creating a high‑risk scenario for professional‑services vendors and their downstream partners.

LiveThreat™ Intelligence · 📅 May 29, 2026· 📰 techrepublic.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
5 recommended
📰
Source
techrepublic.com

Silent Ransom Group Uses Fake IT Support Calls and In‑Person Visits to Target U.S. Law Firms

What Happened — The FBI has issued a warning that the criminal outfit known as Silent Ransom Group is conducting a multi‑vector social‑engineering campaign against U.S. law firms. Attackers combine phishing emails, spoofed “IT support” phone calls, and on‑site impersonation of technology staff to trick employees into revealing credentials and handing over sensitive client data, which is then leveraged for ransomware extortion.

Why It Matters for TPRM

  • Social‑engineering attacks bypass technical controls, exposing gaps in vendor‑managed access processes.
  • Law firms often handle highly confidential client information; a breach can cascade to downstream vendors and partners.
  • The use of physical impersonation expands the attack surface beyond digital channels, demanding broader security governance.

Who Is Affected — Professional services firms, specifically U.S. law practices and any third‑party providers (e.g., cloud hosts, document‑management platforms) that support them.

Recommended Actions

  • Verify all IT support requests through a pre‑established, out‑of‑band channel.
  • Conduct phishing‑simulation training focused on “IT support” scenarios for legal staff.
  • Review and tighten third‑party access policies, especially for remote support vendors.
  • Deploy MFA for privileged accounts and monitor for anomalous privileged activity.
  • Incorporate physical‑security checks for any unscheduled on‑site visits claiming to be technical staff.

Technical Notes — Attack vector: PHISHING combined with social engineering (spoofed phone calls and physical impersonation). No known software vulnerability or CVE is involved; the campaign relies entirely on human‑factor exploitation. Source: TechRepublic Security

📰 Original Source
https://www.techrepublic.com/article/news-silent-ransom-group-physical-impersonation-fbi-warning/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Security Awareness

Phishing and social engineering are a people-and-policy problem.

The Verisq AI Trust Operations platform pairs Security Awareness Training with policy adoption tracking, so human-risk controls are documented and audit-ready.

Explore the Verisq AI Trust Operations platform →