Cybersecurity researchers from Mandiant and Google Threat Intelligence Group detailed a series of cyberattacks by the Silent Ransom Group, which occurred between January and May 2026. The group used physical access and social engineering to steal data from dozens of organizations.

Members of the group have impersonated IT workers to gain entry to victims' offices. Once inside, office-based operatives used USB drives to extract data directly from computers. These operatives also assisted remote associates in connecting to victims' networks.

The Federal Bureau of Investigation (FBI) issued an alert concerning social engineering and phishing campaigns that involve impersonating IT support staff. An FBI spokesperson said, "We can confirm we have seen multiple instances of individuals impersonating IT support who have gained or attempted to gain physical in-person access to victim companies' offices and/or devices as part of Silent Ransom Group's scheme to exfiltrate data."

Charles Carmakal, chief technology officer at Mandiant, said, "Mandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks."

The group employs an extortion scheme by operating a website for publishing stolen data. The group sends emails to victims, demanding payment under the threat of data publication, and the scheme operates without encrypting the targeted data. Exfiltrated information has included contracts, Social Security numbers, and financial records.

The attackers also use phishing emails, follow-up calls, and social engineering tactics. Researchers wrote, "The callers use a variety of verbal instructions to guide target behavior. Under the guise of addressing a security issue or aiding with a corporate data migration project, they build trust and direct the target to join a screen-sharing session." These attackers direct targets to download screen-sharing software to bypass security protocols, and they also employ built-in screen-sharing functions in communication platforms like Zoom and Microsoft Teams.