The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.
June 8, 2026
A financially motivated threat group is targeting US legal, professional and financial services firms in a data theft extortion campaign using a combination of phishing, voice impersonation tactics, and legitimate remote access tools.
Google's Mandiant division attributed the activity to UNC3753, a threat cluster associated with the Silent Ransom group, which is known for stealing high-value data from victims and then extorting ransoms from them under the threat of public disclosure.
Between January and May 2026, the group targeted dozens of organizations with social engineering attacks to gain initial access to victim environments.
