Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms

GTIG assesses that UNC3753 (aka Luna Moth / Chatty Spider / Silent Ransom Group) conducts financially motivated extortion and data theft against U.S. legal and professional services organizations using social-engineering (phone-based vishing), RMM tools, and phishing infrastructure; the group has escalated tactics to include in-person physical intrusions to exfiltrate data to removable media. The report provides attribution rationale, lists a data-leak site and IOCs, and offers mitigations covering user education, physical access controls, RMM/app whitelisting, removable-media hardening, and network/egress monitoring.