Chinese hackers breach US law firms: Report

Washington DC [US], October 8 : Williams & Connolly, one of the country's most prominent law firms, has told clients that Chinese hackers infiltrated some of its computer systems as part of a broader effort by the Chinese to target American law firms, according to two people briefed on the matter, The New York Times reported.

The FBI's Washington field office is investigating the hack and similar ones executed by the same Chinese hackers, according to one of the people briefed on the matter. The hackers are suspected of breaching the networks of more than a dozen other law firms and technology companies in recent months.

The people briefed on the hack and the FBI investigation spoke on the condition of anonymity because they did not want to be identified discussing a matter that was being investigated by federal authorities, as reported by The New York Times.

Williams & Connolly, which has a reputation for aggressively fighting the government, represents high-profile American politicians, including Bill and Hillary Clinton. It was the first firm to step up and represent one of the law firms that had been targeted by US President Donald Trump with a punitive executive order as part of Trump's campaign against firms he felt had opposed him legally and politically, The New York Times reported.

In recent days, the firm has sought to reassure clients by telling them that, to the best of its knowledge, the hackers are not looking to make the information they took public or sell it. It told clients that some of the email accounts for its lawyers had been breached and that the hackers may have gained access to some client emails.

"During the incident, a small number of Williams & Connolly attorney email accounts were accessed by leveraging what is known as a zero-day attack," the firm said in a statement to The New York Times in response to questions about the hack. "Importantly, there is no evidence that confidential client data was extracted from any other part of our IT system, including from databases where client files are stored," The New York Times reported.

The firm said, "We have taken steps to block the threat actor, and there is now no evidence of any unauthorized traffic on our network."

In September, the cybersecurity firm Mandiant said Chinese hackers had been engaged in a years-long espionage campaign intended to exploit so-called zero-day vulnerabilities in computer networks to soak up intelligence from institutions like law firms.

"Since March 2025, Mandiant Consulting has responded to intrusions across a range of industry verticals, most notably legal services" and software companies, the firm said in its September report. "Based on evidence from recent investigations, the targeting of the US legal space is primarily to gather information related to US national security and international trade."

Williams & Connolly has hired the cybersecurity firm CrowdStrike and the law firm Norton Rose Fulbright to deal with the fallout from the hack. "Based on the firm's investigation, conducted in conjunction with cyberexperts at CrowdStrike, the threat actor is believed to be affiliated with a nation-state actor responsible for recent attacks on a number of law firms and companies," the firm said, as reported by The New York Times.

Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor