The financially motivated threat cluster UNC3753 is conducting a fast-paced data theft and extortion campaign against US legal and professional services. The group leverages vishing and IT helpdesk impersonation to trick targets into installing legitimate RMM and screen-sharing tools, enabling rapid data exfiltration from corporate repositories and VDI environments. Notably, the campaign also involves suspected physical intrusions where actors use USB media to steal data directly from endpoints.