A high-profile global law firm that represented Donald Trump in both of his election campaigns has disclosed it was the victim of a cyber attack.
Jones Day – which is headquartered in the United States but has offices globally, including in Sydney – disclosed the attack on April 7, confirming that it had fallen victim to a phishing attack during which “an unauthorised third party accessed a limited number of dated files for 10 clients,” according to Reuters and other outlets.
Those clients have since been notified.
According to reporting by breach tracking website DataBreaches.net, the culprit of the attack is the Silent Ransom Group. That outlet published what appears to be a negotiation between the threat actor and its victim, wherein the hackers named their ransom price as US$13 million.
There is no evidence that Jones Day has paid any ransom, nor has it confirmed that the negotiations published are accurate.
Cyber Daily has reached out to Jones Day’s Sydney office for confirmation to enquire if any Australian data or clients have been compromised. As of the time of writing, Jones Day's website does not feature any notification of the incident.
The negotiation, alongside a file tree of allegedly stolen data, was published on the Silent Ransom Group's leak site, where it said, “We have obtained confidential client data and internal communications. Negotiations can prevent a full leak.”
However, Jones Day has also been listed on a second leak site, one that belongs to a group calling itself Leaked Data. It is thought by some analysts to be a rebranded version of the Silent Ransom Group.
While the copy of each leak post appears identical, the link to the published data on Leaked Data’s site seems broken.
The two groups are thought to be close enough that ransomware tracking site Ransomware.live lists the two groups under the one page, using the leak site of Leaked Data as the main extortion site for the two groups.
Other analysts, such as SOCRadar, have similar theories.
“Early speculation from some researchers suggested LeakedData might have been a lure for a watering hole attack, a tactic where attackers compromise websites likely to be visited by specific targets in order to deliver malware,” SOCRadar said in a May 2025 blog post.
“However, this theory appears unlikely, as there is little to indicate that researchers were the intended targets. However, emerging evidence points to LeakedData being a rebranded incarnation of a familiar adversary: a remnant of the Conti ransomware, Silent Ransom Group.”
Who is Silent Ransom Group
The FBI called attention to Silent Ransom Group at about the same time as SOCRadar, warning that the hackers were known to target law firms.
“The cyber threat actor Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, is targeting law firms using information technology (IT) themed social engineering calls, then sending an individual posing as an IT support employee to the firm in-person, after which they insert a storage device into a computer to steal sensitive data to extort the victims,” the FBI said at the time.
“While SRG has historically victimised companies in many sectors, starting Spring 2023, the group has consistently targeted US-based law firms, likely due to the highly sensitive nature of legal industry data.”
The Conti ransomware group, which SRG is descended from, was first observed in late 2019 and disbanded over arguments regarding the Russian invasion of Ukraine in 2022. Groups that are thought to be made of refugees from the group include Akira, Black Basta, Hunters International, and DevMan.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.