Chinese Hackers Target US Law Firms in Zero-Day Attack

 The FBI is investigating suspected cyberattacks on major US law firms, allegedly carried out by Chinese hacking groups, highlighting an ongoing cyber espionage campaign targeting sensitive American institutions.

At the center of the probe is Williams & Connolly, a prominent Washington-based law firm known for representing high-profile figures, including Bill and Hillary Clinton. The firm confirmed that a zero-day attack—exploiting previously unknown software vulnerabilities—compromised a small number of attorney email accounts.

“During the incident, a small number of Williams & Connolly attorney email accounts were accessed by leveraging what is known as a zero-day attack,” the firm told The New York Times. They emphasized that no confidential client data was extracted from other parts of their IT systems, including secure client databases.

The law firm has taken immediate steps to contain the threat, and there is no evidence of ongoing unauthorized activity on its network. Cybersecurity firm CrowdStrike and law firm Norton Rose Fulbright have been engaged to assess and mitigate the breach. Preliminary investigations suggest the attackers are linked to a nation-state actor, consistent with prior Chinese cyber operations targeting US interests.

Sources indicate the same group is suspected of breaching over a dozen other law firms and technology companies in recent months, aiming to gather information on US national security and international trade.

US officials have long accused China-linked hacking groups of targeting American corporations, defense contractors, universities, and now law firms, often to steal intellectual property or gain insight into US policymaking.

A September report by cybersecurity firm Mandiant highlighted that Chinese hackers have been exploiting zero-day vulnerabilities across multiple industries, particularly in legal and software sectors, to conduct espionage operations.

Neither the FBI nor the Chinese Embassy in Washington has publicly commented on the matter.

This incident underscores the growing cyber threat posed by nation-state actors to critical sectors in the US, including law, technology, and national security.