When cybercriminals hire burglars: Inside an alleged Russian effort to infiltrate multibillion-dollar US law firms

In a growing trend of cybercrime, the Russian-speaking Silent Ransom Group is reportedly using a novel strategy: recruiting individuals in the United States to carry out physical attacks on law firms. This tactic, which combines digital hacking with in-person intrusion, has raised concerns among cybersecurity experts and law enforcement agencies. According to the FBI, the group has launched multiple attempts to access law firms’ premises, often under the guise of IT support, to obtain sensitive data through direct physical interaction.

April’s Urgent Call

The strategy was first spotted in April when a lawyer at a New Jersey-based firm received a call from someone claiming to be from IT support. The caller insisted that a virus was spreading rapidly and required immediate physical intervention. “Remote fixes weren’t sufficient,” the voice on the line explained, prompting the lawyer to invite the individual to his desk. The next day, the firm’s receptionist informed staff that a person had arrived claiming to be part of the IT team. “That’s when an alarm bell went off,” said Leeann Nicolo, a cybersecurity incident response specialist with Coalition, the insurance firm hired to investigate. She noted that the unexpected visit from someone identifying as IT support was suspicious, especially since the visitor quickly exited the building when the lawyer approached the front desk.

Nicolo’s observation highlights a key aspect of the group’s approach: using physical access to circumvent digital defenses. While hackers typically rely on remote exploits, this method allows them to bypass anti-virus protections that are often more effective when defending against virtual threats. “They’re using human agents as a way to breach systems that might otherwise be secure,” she explained, emphasizing that the tactic leaves a trail of evidence, such as surveillance footage, which can be analyzed by the FBI.

Outsourcing Burglary for Cybercrime

According to cybersecurity professionals, the Silent Ransom Group has been offering payments of up to $500 to individuals willing to visit law firms and plug in USB drives. This is part of a broader strategy to enhance their ability to extort large sums from clients. “The hired hands are essentially cannon fodder,” said one expert familiar with the group, describing how these operatives serve as expendable assets in the larger cybercrime war. The group’s financial gains, which have reportedly totaled tens of millions of dollars, contrast sharply with the minimal cost of this approach.

When digital attacks alone do not yield enough data for high-profile ransom demands, the group escalates its efforts. By outsourcing burglary, they can gain direct access to law firm computers, which is crucial for obtaining information that strengthens their position in negotiations. “The goal is to maximize leverage,” a law enforcement official tracking the group told CNN. “They want to have the upper hand when they ask for money.” If a firm refuses to pay, the stolen data is leaked, potentially causing significant reputational and financial damage.

Example Incidents and Tactics

One notable example involved a man who entered a law firm in New York, claiming to be IT support. During the encounter, he spoke Russian into his smart glasses, likely to transmit real-time footage of the computers to cybercriminals. Before he could reach the target lawyer’s desk, another member of the group called the lawyer’s phone, impersonating a FedEx dispatcher to distract him. Despite the intrusion, the firm’s cybersecurity measures ultimately thwarted the attack, according to a researcher familiar with the case.

These incidents are not isolated. The FBI has confirmed that the group has conducted numerous physical access attempts in cities across the United States, including Washington, D.C. “It’s a rare move for hackers,” said the researcher, “but it shows they’re becoming more aggressive in their methods.” By blending digital and physical threats, the group creates a dual-layered attack that is harder to detect and respond to. This approach also allows them to gather data that can be used to pressure firms into paying ransoms, making their extortion efforts more effective.

The cybersecurity executive who facilitated payments to the group noted that the Silent Ransom Group is uniquely positioned to exploit this hybrid strategy. “They’re targeting every major law firm in the country,” they said, underscoring the group’s intent to maximize their financial returns. This method has already netted the group approximately $100 million in the last six months alone, according to an estimate from a private source. The scale of these operations suggests that the group is not just a local threat but a well-organized international entity.

A New Dimension in Cybersecurity Threats

Genevieve Stark, a cybersecurity analyst at Google Threat Intelligence Group, pointed out that this tactic represents a shift in how cybercriminals operate. “Many threat actors have focused on digital attacks because they’re easier to execute remotely,” she said. “But now they’re adding a physical component, which could be a critical blind spot for organizations.” This dual approach complicates the work of security teams, which often specialize in one type of threat or the other.

While the FBI has not yet commented on the specific details of the group’s operations, its statement confirms that the Silent Ransom Group is the only known data extortion group using physical access to its victims. “There have been numerous physical attempts,” the bureau noted, highlighting the strategic importance of in-person intrusions. The group’s ability to execute these operations without being detected suggests a high level of coordination and planning.

As cybercriminals grow bolder, the need for integrated security strategies becomes more pressing. Experts warn that law firms and other organizations must now prepare for threats that combine digital and physical elements. “This could redefine how we approach cybercrime prevention,” Stark said. “We’re seeing a new era of attacks that are more sophisticated and harder to trace.” The Silent Ransom Group’s tactics are a reminder that the future of cybercrime may involve not just hackers, but teams of operatives working together to achieve their goals.