When cybercriminals hire burglars: Inside an alleged Russian effort to infiltrate multibillion-dollar US law firms
April’s Unusual Threat
In April, a routine call to an executive at a US law firm took an unexpected turn. The voice on the line conveyed a sense of urgency, alleging that a computer virus was spreading through the firm’s network. The caller claimed to be from IT support and insisted on physical access to the lawyer’s computer, arguing that remote fixes weren’t effective enough to halt the attack. The lawyer, believing the caller to be a colleague, agreed to meet at his desk in a New Jersey office. The next day, the firm’s receptionist noted a visitor from IT had arrived at the front desk. “That’s when an alarm bell went off: Why would an IT person need to check in with reception?” said Leeann Nicolo, a cybersecurity incident response specialist at Coalition, the insurance firm hired to investigate. According to Nicolo, the visitor hastily exited the building when the lawyer approached the front desk, raising suspicions of a staged intrusion.
Combining Digital and Physical Tactics
The FBI and private investigators believe the Russian-speaking group known as the Silent Ransom Group has employed a novel strategy involving physical access to law firm premises. This approach, they suspect, is used to bypass digital security measures that are difficult to breach from a distance. By deploying individuals to insert USB drives into computers, the group aims to exploit vulnerabilities in anti-virus defenses. In a private Telegram channel, the group reportedly offers $500 to anyone willing to visit law firms and perform this task. “They’re essentially using these people as cannon fodder in a much larger cybercrime war,” a cybersecurity professional familiar with the operation told CNN.
Stealthy Surveillance and Deception
One of the group’s tactics involves using deception to lure targets into a trap. In another incident, a man pretending to be IT support entered a US law firm and began speaking Russian into his smart glasses, likely transmitting real-time data to the hackers. This was part of a broader effort to gather surveillance footage of the office. Meanwhile, another member of the group called the lawyer’s cell phone, impersonating a FedEx dispatcher to draw him away from his desk. The intruder managed to plug in a thumb drive, but the firm’s cyber defenses blocked the attack, according to a cybersecurity researcher who analyzed the case.
Ransom Extortion and Strategic Goals
The Silent Ransom Group’s modus operandi has reportedly yielded substantial returns. A cybersecurity executive who has facilitated payments to the group estimated that the organization has extorted approximately $100 million from law firms in just six months. Other sources suggested the total could be even higher, with at least tens of millions of dollars claimed in ransom payments. The group’s strategy appears to target sensitive data, which is then leveraged during high-stakes ransom negotiations. If firms refuse to pay, the hackers threaten to leak the stolen information, giving them leverage in the process.
A Growing Trend in Cybercrime
While the group’s operations are relatively new, they signal a shift in how cybercriminals are expanding their methods. Traditionally, hackers relied on digital infiltration, but the Silent Ransom Group is now combining this with physical access to create more formidable attacks. This tactic is particularly risky because it leaves a trail of evidence, such as surveillance footage and access logs, which the FBI can scrutinize. “Many threat actors have found it easier to conduct things completely digitally, and therefore the physical aspect may be a threat we don’t think about as much,” said Genevieve Stark, head of cybercrime and information operations intelligence analysis at Google Threat Intelligence Group.
Targeting Major Law Firms
According to a cyber executive involved in ransom payments, the group is systematically targeting every major law firm in the US. “My expectation is that they’re using this method to secure the most valuable data possible,” the source told CNN. The FBI has confirmed that the group is the only known “data extortion group” to physically access its victims’ premises, emphasizing the unique nature of their operations. The bureau reported “numerous physical access attempts” across various US cities, though it declined CNN’s request for an interview with an official focused on the case.
Legacy of Cyber and Physical Threats
While the Silent Ransom Group’s strategy is distinctive, it’s part of a broader trend of cybercriminals escalating their physical tactics. Other groups have previously used methods like swatting—where callers trigger massive police responses—to intimidate victims. However, most government and private security experts remain unprepared for threats that merge both digital and physical elements. “The combination of cyber and physical attacks requires a different approach to threat detection and response,” said Stark. “It’s a more complex challenge because the evidence is harder to trace and the risks are amplified.”
Implications for Cybersecurity
The rise of this dual-layer strategy raises critical questions about how organizations can defend against both online and in-person breaches. Law firms, which often handle sensitive client information, are particularly vulnerable to such tactics. The Silent Ransom Group’s ability to orchestrate these operations highlights the evolving sophistication of cybercrime. “They’re not just hacking—they’re creating a hybrid threat that’s harder to predict and mitigate,” said the law enforcement official tracking the group. This approach could become more common as cybercriminals seek to maximize their gains and exploit gaps in security protocols.
Understanding the Silent Ransom Group
The group’s operations suggest a well-organized network with distinct roles. While hackers focus on digital attacks, the hired hands—often individuals with no prior cybersecurity training—serve as the physical link to the firm’s infrastructure. This division allows the group to scale their efforts, as the cost of hiring local accomplices is relatively low compared to the potential rewards. The $500 payments, for instance, are a fraction of the ransom amounts they demand, making the strategy both cost-effective and efficient. “It’s a way to bypass the need for direct involvement in every stage of the attack,” said the cybersecurity source. “The human element provides a level of unpredictability that’s hard to counter.”
Preparing for the Future
As the Silent Ransom Group’s tactics gain traction, security experts are urging organizations to adopt more comprehensive strategies. This includes training employees to recognize social engineering attempts and investing in physical security measures. “Law firms need to be vigilant about both digital and physical access points,” said Stark. “Even a single USB stick can compromise years of data.” The FBI’s statement underscores the urgency of this issue, noting that the group’s ability to blend cyber and physical threats represents a significant evolution in modern crime. With continued success, the Silent Ransom Group may inspire other cybercriminals to follow suit, leading to a new era of hybrid attacks that demand multi-faceted defenses.
