Cybersecurity researchers and US federal authorities have issued warnings about a dangerous new trend in cybercrime. A ransomware-linked criminal group is combining traditional digital attacks with physical infiltration, sending individuals who pose as IT workers to gain direct access to victims’ offices and computer systems.
This represents a significant shift in cybercriminal tactics, moving beyond purely online operations to include face-to-face deception. The approach makes attacks harder to detect and defend against, as it bypasses many traditional cybersecurity measures that focus on digital perimeters.
Google’s cybersecurity units, Mandiant and Google Threat Intelligence Group, published a report on June 5 detailing the activities of the “Silent Ransom Group.” The group targeted dozens of organizations between January and May, primarily focusing on law firms and other professional services organizations.
The group uses multiple tactics to gain access to sensitive systems:
- Phishing emails designed to steal credentials
- Social engineering tactics to manipulate employees
- Phone calls impersonating corporate IT support staff
- In-person visits where criminals pose as technical support personnel
The physical component of these attacks makes them particularly concerning for cybersecurity professionals. When imposters visit offices in person, they can access employees’ computers directly using USB storage devices or set up remote connections that allow other group members to extract sensitive information from anywhere in the world.
The stolen data includes contracts, financial records, tax documents, and personal information – exactly the type of sensitive material that organizations cannot afford to have leaked publicly or sold to competitors.
The FBI issued a similar alert last month describing attacks where criminals impersonated IT support workers to gain system access. This coordinated warning from both Google and federal authorities shows the scope and seriousness of the threat facing businesses across the United States.
Unlike traditional ransomware attacks that encrypt victims’ systems and demand payment for restoration, the Silent Ransom Group focuses primarily on data theft and extortion. The group threatens to publish stolen information on a dedicated leak site if organizations refuse to pay, a tactic known as “double extortion” that has become increasingly common among cybercriminal groups.
The attackers build trust by claiming they’re responding to security concerns or helping with corporate technology projects. They encourage victims to join screen-sharing sessions or install remote access software, which allows the criminals to bypass security controls and gain entry to internal systems without triggering traditional security alerts.
This trend toward physical infiltration combined with digital attacks reflects the evolving sophistication of cybercriminal operations. As organizations strengthen their digital defenses, attackers are finding new ways to exploit the human element of cybersecurity – often the weakest link in any security strategy.