
Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms

· Published 05/06/2026 20:07 · Modified 08/06/2026 08:53


Essential information

Published: 05/06/2026 20:07
Modified: 08/06/2026 08:53
Source / Author: AlienVault
Confidence: 100/100
Report type(s): threat-report
Labels / Tags: bazarloader, silentnight, trickbot, ursnif
Tags: 2026-06-05, bazarloader, silentnight, trickbot, ursnif
Related entities: 6 indicators, 6 observables, 1 intrusion set (APT), 7 malware, 6 others

Description

From January through May 2026, a financially motivated data theft extortion campaign executed by threat cluster UNC3753 targeted dozens of organizations across professional, legal, and financial services in the United States. The threat actors leverage voice phishing and social engineering techniques, posing as IT support to convince targets to host screen-sharing sessions and download remote monitoring and management utilities. Once inside environments, they conduct searches to locate and exfiltrate highly sensitive data including proprietary legal agreements, personally identifiable information, and financial records for subsequent extortion demands. The entire attack sequence often occurs within a single business day, with recent incidents showing data theft initiated in under an hour. Notably, threat actors have also accessed victims' systems in person, with individuals posing as IT technicians entering corporate offices to attempt direct exfiltration using USB storage media.

External references