The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant.
The report follows an FBI FLASH advisory published last week warning that the Silent Ransom Group was targeting U.S. law firms in social engineering and even in-person data theft attacks, with Mandiant now providing additional technical details about how the intrusions are conducted.
Mandiant says the threat group, tracked as UNC3753, Luna Moth, and Chatty Spider, targeted dozens of organizations across the legal, financial, and professional services sectors between January and May 2026.
Mandiant warned that legal firms remain especially attractive targets because they store large volumes of highly sensitive client information and may feel pressured to resolve extortion incidents to avoid reputational and regulatory damage.
"Legal services firms represent high-value targets for extortion actors. They maintain concentrated repositories of extremely sensitive client transaction files, merger and acquisition plans, client trade secrets, and corporate regulatory reports," explains Mandiant.
