Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms

A financially motivated threat cluster, UNC3753, has been targeting US law firms and organizations with a fast-tempo campaign using vishing and social engineering tactics to gain remote access and steal sensitive data. The threat actors use pretexts like data migration or invoice emails to initiate phone conversations and convince targets to download RMM utilities. This allows them to either directly exfiltrate data or manipulate victims into doing so. The campaign has resulted in data theft and extortion demands. To safeguard against this, organizations should be cautious of benign-looking emails and implement robust endpoint and infrastructure security measures.