Silent Ransom Group Uses In-Person Social Engineering to Breach Law Firms
A ransomware operation known as Silent Ransom Group has adopted an unusually direct approach to hacking: sending physical operatives posing as IT support staff to law firm offices.
According to warnings from Google and the FBI, the group targets organizations by first recruiting individuals—often overseas—to travel to victim offices disguised as IT technicians. Once inside, these operatives use USB drives to steal data or install remote access tools that give the attackers a foothold into corporate networks.
This in-person social engineering tactic represents a notable escalation beyond traditional remote cyberattacks. By leveraging trust and physical access, the group can bypass typical security measures like network firewalls and multi-factor authentication that remote attackers must navigate.
Law firms have been specifically targeted, likely due to the sensitive client data they hold and their historical reputation as softer targets compared to more heavily fortified financial or government institutions.
Security researchers note that organizations should verify the credentials of any IT personnel arriving on-site, implement strict USB device policies, and maintain visitor logs that can help detect unauthorized access attempts.