UNC3753 conducts targeted extortion campaigns that exploit no software vulnerabilities — the attack chain consists entirely of social engineering via phone, Microsoft Teams, and Zoom impersonation, followed by manipulation of employees into installing legitimate RMM tools. The affected tools (AnyDesk, Bomgar, SuperOps RMM, Zoho Assist, WinSCP, Rclone) are all legitimate software; the threat is misuse through human manipulation, not software exploitation. This entry covers the RMM and collaboration tools exploited as attack enablers.