When cybercriminals hire burglars: Inside an alleged Russian effort to infiltrate multibillion-dollar US law firms

By Daniel Smith
20260626-russia-law-firm-hackings


In April, a phone call at a US law firm’s office set off a chain of events. The voice on the line claimed to be from IT support, demanding immediate access to a lawyer’s computer to halt a spreading virus. The caller insisted remote fixes weren’t sufficient, prompting the lawyer to invite the stranger to his desk in New Jersey. The next day, the firm’s receptionist reported a visitor from IT. “That’s when an alarm bell went off,” explained Leeann Nicolo, a cybersecurity incident response specialist at Coalition, the firm’s insurer. “Why would an IT person need to check in with reception?” she wondered. The visitor fled the building as the lawyer approached, according to Nicolo. This scenario, she noted, is one of several incidents involving the Russian-speaking Silent Ransom Group, which the FBI and private investigators believe is orchestrating these attacks.

Physical Access as a Cyber Strategy

The Silent Ransom Group’s approach blends digital and physical tactics. By hiring individuals to gain in-person access, they bypass online defenses that often thwart remote cyberattacks. This method allows them to introduce malware via USB drives, which can circumvent antivirus systems. The group’s strategy is simple: exploit human trust to create a direct line of contact with victims. In one case, a man pretending to be IT support entered a law firm and began speaking Russian into his smart glasses, capturing real-time footage of the office’s computers. Another cybersecurity researcher, who reviewed the case, suggested this was a deliberate move to gather evidence for the hackers.

“My expectation is that they’re targeting every major law firm in the US,” said a cyber executive involved in payments to the group. “They’re not just looking for quick cash—they’re building leverage for larger demands.”

Such operations are risky. They leave behind surveillance footage and other digital traces that the FBI can analyze. Yet, the group’s investment is minimal. In a private Telegram channel, they’re offering $500 to individuals who can visit law firms and insert USB sticks. “The hired hands are ‘cannon fodder’ for the Russian-speaking cybercriminals,” a cybersecurity professional familiar with the scheme told CNN. “They’re expendable assets in a much larger cybercrime war.”

Escalating Cybercrime Tactics

Law enforcement officials have observed a pattern in these attacks. The Silent Ransom Group, according to an FBI statement, is the only known “data extortion group” that physically accesses its victims’ premises. This contrasts with traditional cybercriminals, who rely solely on digital methods. The FBI highlighted “numerous physical access attempts” in cities across the country, though they declined to comment on specific details with an FBI official focused on the group.

The group’s financial success underscores the effectiveness of their strategy. In six months alone, they’ve reportedly extorted around $100 million from law firms, as estimated by a cybersecurity executive who facilitated payments. Other sources suggested the total could be even higher, with tens of millions more claimed. When digital hacking fails to yield enough data for a big ransom, the group turns to human agents. This hybrid approach increases their chances of success, as it allows them to collect sensitive client information that can be used to pressure firms during negotiations.

“Many threat actors have found it easier to conduct things completely digitally,” said Genevieve Stark, head of cybercrime and information operations intelligence analysis at Google Threat Intelligence Group. “But the physical aspect may be a threat we haven’t considered as much.”

These operations require coordination between cybercriminals and local operatives. In one instance, a hired hand was lured to a law firm’s office while another member of the group impersonated a FedEx dispatcher to distract the lawyer. The intruder managed to plug in a thumb drive, but the firm’s cybersecurity measures blocked the attack. This highlights the group’s adaptability, as they refine their methods to evade detection. Their efforts have also extended to major US cities, including New York and Washington, D.C., where agents have been deployed to carry out similar tasks.

A Shift in Cyber Threats

While physical intrusions are relatively new for data extortion groups, they’re not unheard of. Other cybercriminals have used tactics like swatting—where callers trigger mass police responses—to create chaos. However, the Silent Ransom Group’s method is more sophisticated. By combining cyber and physical elements, they’re expanding the scope of their attacks. “This is a rare and risky tactic,” said a law enforcement official tracking the group. “It leaves a clear trail, but it also gives them a strategic edge.”

The group’s actions reflect a broader trend in cybercrime: moving beyond virtual threats to real-world operations. Cybersecurity experts warn that this dual approach complicates defense strategies. Most government and private security teams are trained to handle digital threats, but the physical element introduces new vulnerabilities. “They’re essentially creating a bridge between the online and offline worlds,” said Stark. “This makes it harder for defenders to predict or stop the attack.”

For law firms, the risk is significant. If they don’t pay the ransom, the hackers leak the stolen data, which can damage reputations or lead to legal consequences. The Silent Ransom Group’s ability to execute such attacks suggests a growing confidence in their methods. Their success has also prompted questions about the adequacy of current cybersecurity protocols. While remote attacks are common, the group’s physical infiltration demonstrates a willingness to invest in human resources to achieve higher returns.

Experts are now urging law firms to adopt more robust measures. This includes verifying the identity of IT personnel before granting access and monitoring physical entry points. The FBI’s involvement in the case signals the seriousness of the threat, but it’s unclear how prepared the nation is to respond. As the group continues its operations, the line between cybercrime and traditional theft is becoming increasingly blurred. The cost of inaction is rising, with each stolen data set potentially leading to millions in losses.

Ultimately, the Silent Ransom Group’s strategy highlights the evolving nature of cyber threats. By leveraging physical access, they’re not only enhancing their ability to steal data but also increasing the pressure on victims during ransom negotiations. As their tactics grow bolder, the need for integrated security solutions—combining digital vigilance with real-world preparedness—becomes more urgent. The coming months may reveal whether law firms can adapt to this new form of cyber warfare or face even greater consequences.
