When Cybercriminals Hire Burglars: Inside an Alleged Russian Effort to Infiltrate Multibillion-Dollar US Law Firms
When cybercriminals hire burglars – In a startling development, cybercriminals are increasingly resorting to physical methods to execute their attacks, blurring the lines between digital and real-world crime. A recent incident in April revealed how a New Jersey-based law firm became a target when an IT support caller requested access to their computer system. The visitor, posing as a technician, claimed urgent action was needed to stop a spreading virus. Unbeknownst to the lawyer, the call was part of a larger scheme orchestrated by a Russian-speaking cybercriminal group. The firm’s receptionist noticed the unexpected visitor, raising red flags among cybersecurity analysts.
A Hybrid Strategy in Action
“That’s when an alarm bell went off: Why would an IT person need to check in with reception?” said Leeann Nicolo, a cybersecurity incident response specialist at Coalition, the firm hired to investigate.
The visitor quickly fled the building after the lawyer failed to verify their identity. This tactic is attributed to the Silent Ransom Group, a Russian-speaking cybercriminal collective linked to a series of similar attacks across the U.S. The FBI and private investigators have identified this group as a key player in data extortion campaigns. Their modus operandi involves sending operatives to law firm offices to insert USB drives, a method that bypasses traditional digital defenses by exploiting human trust and physical access.
Exploiting the Vulnerable Link
The group’s strategy is rooted in the belief that physical access can undermine even the most advanced cybersecurity systems. While remote hacking has long been a primary tool for cybercriminals, the Silent Ransom Group has taken a different approach, outsourcing the risk to hired individuals. According to a cybersecurity expert familiar with the operations, this method allows the group to reduce costs and increase efficiency. A single USB drop can cost as little as $500, but the potential payoff is significant—enough to force firms into costly ransom agreements.
By combining cyber and physical tactics, the group aims to maximize their leverage in negotiations. Stolen sensitive data, such as confidential client files or legal documents, can be used to pressure victims into paying hefty ransoms. If firms resist, the information is leaked, threatening their reputations and financial stability. This dual-pronged approach has reportedly generated over $100 million in ransom payments from law firms in just six months, with some estimates suggesting the total could reach tens of millions.
One of the most sophisticated examples of this method involved an IT impersonator who entered a law firm and spoke Russian into his smart glasses, likely transmitting real-time footage of the premises. Before reaching the target desk, another group member called the lawyer’s phone, mimicking a FedEx dispatcher to create a distraction. Despite the careful planning, the firm’s defenses ultimately thwarted the attack, as noted by a cybersecurity researcher involved in the case. This incident highlights the complexity of modern cybercrime, where physical breaches are meticulously orchestrated to complement digital attacks.
Blurring the Lines of Cybercrime
“Many threat actors have found it easier to conduct things completely digitally, and therefore (the physical aspect) may be a threat we don’t think about as much,” remarked Genevieve Stark, head of cybercrime and information operations intelligence analysis at Google Threat Intelligence Group.
The FBI has emphasized that the Silent Ransom Group stands out for its unique blend of cyber and physical tactics. They are the only known data extortion group to have systematically used physical access to infiltrate victims’ premises. While the agency confirmed multiple attempts in major U.S. cities, it declined to provide an interview with an FBI official focused on the group. This hybrid strategy reflects the evolving nature of cybercrime, where digital threats are no longer standalone but integrated with physical elements to achieve greater impact.
Experts warn that this trend signals a new era in cyberattacks, where criminals exploit both virtual and physical vulnerabilities. The use of burglars as intermediaries not only diversifies their attack methods but also increases the likelihood of success. As law firms continue to store critical data digitally, the risk of such combined threats grows. The FBI and cybersecurity firms are now working to identify patterns in these attacks and develop strategies to counter both digital and physical breaches effectively.
