Jones Day acknowledged that an “unauthorised third party accessed a limited number of dated files for 10 clients” and that all affected clients have been notified. The attackers claimed they focused on the head of the firm’s Federal Circuit team, supposedly referring to Greg Castanias. Jones Day declined to identify the clients or the specific files involved, displaying the kind of attention to secrecy that could’ve avoided this whole problem to begin with.
The attack has been attributed to the Silent Ransom Group, also known as Luna Moth, Chatty Spider, and UNC3753 — all excellent garage band names for anyone in the market. According to an FBI alert last May, SRG has been targeting law firms specifically since 2023. But that was before the federal law enforcement agency embarked on a half-baked loyalty purge and reassigned the remaining agents to rounding up roofers and threatening people for making fun of Trump on Instagram. Today, the FBI exists mostly as a luxury travel agent for Kash Patel to slam beers with hockey players.
As a bulwark against cybercrime, the FBI is essentially an offensive lineman who immediately turns around and yells “incoming!” at the quarterback.
SRG’s M.O. is social engineering — phishing emails and phone calls impersonating IT staff — rather than sophisticated zero-day exploits. They don’t even really employ malware. They just convince someone to give them remote access and then walk out with the data using off-the-shelf file transfer tools.
The group published a file directory and screenshots of what appear to be negotiation chats between SRG and Jones Day representatives. According to reporting, the hackers demanded $13 million to keep quiet about the breach. When Jones Day didn’t immediately open the checkbook, the negotiations broke down. The group’s final message — from a negotiator identifying themselves as “Ammiel Olsen” — warned that they would publish all the data, contact every employee and client, and resume attacks on the firm.
This is not Jones Day’s first time at the breach rodeo. The firm was among several companies caught up in a 2021 hack of the Accellion file transfer software, which resulted in client data — including prescription drug records — being dumped online. So when we talk about whether firms are successfully staying ahead of the cyber threat, here’s a firm dealing with its second major incident in five years.
The FBI’s old warning about SRG noted that the group targets law firms “likely due to the highly sensitive nature of legal industry data.” Well, that and the fact that they know a soft target when they see one. While everyone keeps hyping up AI well beyond its actual capabilities, cybersecurity remains a potentially expensive exposure.
It’s unclear if SRG followed through on its threat to renew attacks. But, because it’s 2026, their warning message to the firm threw in that the reputational damage would sting even more “especially after being exposed in the Epstein files about your ties with child predators.”
I don’t know. It kind of feels like being exposed in the Epstein files takes the sting out of anything else a hacking group could throw.
Joe Patrice is a senior editor at Above the Law and co-host of Thinking Like A Lawyer. Feel free to email any tips, questions, or comments. Follow him on Twitter or Bluesky if you’re interested in law, politics, and a healthy dose of college sports news. Joe also serves as a Managing Director at RPN Executive Search.
The post Jones Day Gets Hacked While FBI Busy Planning Kash Patel’s Next Vacation appeared first on Above the Law.
