// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / 38 U.S. law firms
Breach Record

38 U.S. law firms

DISCLOSED 2026-05-28 · RANSOMWARE

The Russia-linked Silent Ransom Group escalated attacks on U.S. law firms in Spring 2026 by sending operatives into offices disguised as IT support to plug in USB drives and steal privileged data. The FBI issued a FLASH alert confirming 38 firms have been compromised. The method bypasses traditional network defenses by gaining physical access.

The record

What we know

Disclosed
2026-05-28
Attack vector
Ransomware
Sector
legal
Country
US
Data classes exposed
privileged data
ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · unclear · opinion

The attack involved physical access and USB insertion, which a positive-security model might not prevent if the USB device is recognized as authorized or if the attacker operates outside endpoint monitoring. Insufficient details on endpoint defenses.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other ransomware breaches on file

This page is the permanent ColdRecon entry for the 38 U.S. law firms disclosure. It updates if new public reporting emerges. All tracked breaches →

38 U.S. law firms just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →