UNC3753: Vishing and Physical Intrusions in US Data-Theft Campaigns

Colleagues, note: Google/Mandiant and GTIG have documented campaign UNC3753 targeting US legal, financial and professional services firms (Jan–May 2026).
- Actors used vishing and social engineering posing as IT to obtain screen-sharing and install RMM/remote tools.
- In some cases they physically entered offices posing as technicians and removed data on USBs/drives.
- Stolen contracts, PII and financial records; exfiltration via WinSCP/Rclone or email; followed by extortion with a three‑day deadline.
Why it matters: attacks on human factors and physical access bypass many technical controls.
What measures will you strengthen against vishing and physical access?
#cybersecurity #vishing #socialengineering #infosec


Latest comments
No comments yet.