If you don't fall for these extortionists' calls, they'll show up with USB sticks
ID: 1020990a-4cdd-55f1-bb11-41b4a023552f
STIX ID: report--1020990a-4cdd-55f1-bb11-41b4a023552f
Feed Name: The Register (Security)
Google Mandiant reports that UNC3753 (also tracked as Luna Moth / Silent Ransom Group) has targeted dozens of US banks, law firms, and professional services firms using invoice-themed phishing to initiate phone-based helpdesk impersonation, remote screen-sharing and VDI abuse; when social engineering fails, attackers have attempted in-person physical intrusions to steal data via USB. The group conducts rapid intrusions (sometimes completing theft-to-extortion within hours), targets legal and financial documents containing PII and tax records, uses tools like portable WinSCP/Rclone or victim browser uploads to exfiltrate data, and issues extortion demands within roughly 30 minutes of exfiltration; the report includes IOCs and recommended mitigations (visitor controls, conditional access, and blocking unauthorized remote support utilities).
