HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Silent Ransom Group Uses In‑Person IT Impersonation to Extort Law Firms

Silent Ransom Group escalates its social‑engineering campaign by sending actors to law‑firm offices posing as IT staff, gaining remote or physical access, stealing confidential data, and demanding ransom. The FBI warns that traditional AV tools often miss these attacks, underscoring a critical third‑party risk for legal service providers.

LiveThreat™ Intelligence · 📅 May 27, 2026· 📰 helpnetsecurity.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
helpnetsecurity.com

Silent Ransom Group Uses In‑Person IT Impersonation to Extort Law Firms

What Happened – The criminal outfit known as Silent Ransom Group (aka Luna Moth, Chatty Spider, UNC‑3753) has escalated its social‑engineering campaign against law firms. After phishing emails and phone calls that masquerade as internal IT support, the group sometimes sends a person to the victim’s office claiming to be IT staff, gains physical or remote desktop access, copies data, and then threatens ransom.

Why It Matters for TPRM

  • Physical‑plus‑digital intrusion bypasses many traditional network‑only controls.
  • Data exfiltration from legal practices can expose privileged client information, creating regulatory and reputational risk for both the firm and its service providers.
  • The tactic highlights the need for robust verification of any IT assistance request, whether remote or on‑site.

Who Is Affected – Professional services, specifically law firms; the group has also hit insurance, finance, and healthcare firms in the past.

Recommended Actions

  • Verify the identity of anyone claiming to be internal IT before granting remote or physical access.
  • Enforce MFA for all privileged accounts and restrict the use of unmanaged remote‑access tools.
  • Conduct regular employee training on callback phishing and on‑site impersonation scenarios.
  • Review and harden help‑desk procedures for password resets and access requests.

Technical Notes – Attack vector combines phishing, phone‑based social engineering, and physical impersonation. No known malware signatures; attackers rely on legitimate system‑management tools. Data stolen includes emails, documents, and client records, later used for extortion. Source: Help Net Security

📰 Original Source
https://www.helpnetsecurity.com/2026/05/27/fbi-silent-ransom-group-law-firms-social-engineering/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Security Awareness

Phishing and social engineering are a people-and-policy problem.

The Verisq AI Trust Operations platform pairs Security Awareness Training with policy adoption tracking, so human-risk controls are documented and audit-ready.

Explore the Verisq AI Trust Operations platform →