Silent Ransom Group targets law firms with fake IT support calls
ID: e05f7ff3-34ad-523e-8fbd-37a7151046f4
STIX ID: report--e05f7ff3-34ad-523e-8fbd-37a7151046f4
Feed Name: Bleeping Computer
Mandiant and FBI reporting shows that the Silent Ransom Group (UNC3753) is actively targeting U.S. law firms and professional services. The group uses invoice‑themed callback phishing and impersonation of IT staff to initiate remote support sessions, installs remote access tools (AnyDesk, Zoho Assist, Bomgar, SuperOps), and rapidly exfiltrates sensitive legal and financial files (using WinSCP/Rclone). The attackers then issue fast, aggressive extortion demands and publish stolen data on fast‑flux protected leak sites. The advisory highlights in‑person imaging incidents, phishing domain patterns, and the use of Privnote to hide commands. It recommends strict verification for IT interactions, limiting remote access, enforcing MFA, restricting USBs, and employee training.
