A presumed Russian-based crime group is targeting American law firms with a sequence that includes walking into offices with USB sticks, Mandiant warned over the weekend.
The Google threat intelligence unit said attacks were ongoing in May.
The FBI also put out a flash alert in late May about the new walk-in threat. The group have impersonating a firm's IT employees to exfiltrate data, in some cases physically entering offices and hooking up storage devices, since April 2025.
It linked the walk-ins to UNC3753, a threat actor also known as Silent Ransom Group (SRG), Luna Moth and Chatty Spider in operation since 2022. The group is known for complex email phishing campaigns, and has "consistently targeted US-based law firms since Spring 2023".
Unit 42 has also investigated cases in the retail space by the same group, which it refers to as Luna Moth.
