Chinese Hackers Allegedly Target U.S. Law Firms via Zero-Day Attacks

A new cybersecurity probe has revealed that Chinese hackers may have infiltrated prominent U.S. law firms, raising concerns about exposure of sensitive legal communications. Among the firms named is Williams & Connolly, which confirmed unauthorized access to some email accounts.

The FBI’s Washington field office is investigating after leaks suggested that attackers used zero-day vulnerabilities to breach law firm networks. Williams & Connolly said the intrusion impacted a “small number” of attorney email accounts, but that no evidence exists that files containing client data were accessed.

Steps have been taken to patch the vulnerability and harden defenses. The firm stated that it found no signs of data exfiltration or unauthorized traffic beyond the compromised accounts.

Officials did not immediately confirm the origin of the attacks. While the leaks point to Chinese involvement, the firm did not explicitly attribute the breach. The Chinese Embassy in Washington has not publicly responded to inquiries.

U.S. authorities have long accused China of sponsoring cyberattacks aimed at harvesting intellectual property and sensitive data from corporations and institutions. This incident underscores the ongoing tension between legal firms’ duty to protect privileged information and the evolving threats posed by state-linked hacking operations.