UNC3753: Hybrid Vishing and Physical Infiltration via RMM Tools
UNC3753, also identified as the Silent Ransom Group, is conducting a sophisticated hybrid extortion campaign targeting United States law firms. The threat actor bypasses traditional digital perimeters by combining voice phishing (vishing) with physical social engineering to gain onsite access to office premises. Once physical access is achieved, the actors deploy Remote Monitoring and Management (RMM) tools to establish persistent command-and-control (C2) capabilities. This facilitates the targeted exfiltration of sensitive legal documentation and attorney-client privileged data, which is subsequently leveraged for financial extortion. This campaign represents a critical risk to data confidentiality, physical security protocols, and professional privilege.