Cyber: Silent Ransom Group Uses In-person IT Impersonation To Breach

Law firms across the US are being targeted by increasingly sophisticated threat actors who are moving beyond traditional phishing tactics, now posing as trusted IT staff in both phone calls and face-to-face encounters to infiltrate corporate systems.

In a recent FBI Flash Alert, the Bureau said that the Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider and UNC3753, has consistently targeted US-based law firms since 2023. SRG has also victimized companies in other sectors, including insurance, finance and healthcare.

The FBI noted that historically the threat actor sent phishing emails purporting to charge small “subscription fees” to gain access to victim networks. To cancel the fake subscription, the victim was instructed to call the threat actor, who then emailed a link leading the victim to download remote access software. This tactic, known as callback phishing or telephone-oriented attack delivery (TOAD), was detailed by Palo Alto Networks Unit 42 back in 2022. At the time, Unit 42 said that the campaign had already cost victims hundreds of thousands of dollars.

The group has now evolved its social engineering campaign, and the FBI said that as of spring 2026 it had been observed impersonating staff from the victim’s IT department. The scam involves SRG actors either calling the target directly or sending phishing emails urging employees to call an SRG actor posing as IT support. Once on the phone, employees are directed to grant access to a remote desktop session. If this fails, SRG sends a threat actor to the victim’s physical location to gain access and insert a storage device into the victim’s computer. In this scheme, the threat actor tells the victim they need to image the device or create a backup file to address potential impacts from the phishing email. Once access is gained, the SRG actor minimally escalates privileges and quickly pivots to data exfiltration without encryption.

Source: InfoSecurity Magazine