Williams and Connolly, a Washington-based law firm known for its representation of political figures and major corporations, has notified clients of a cybersecurity incident involving unauthorized access to a limited number of attorney email accounts.
According to individuals briefed on the matter, the intrusion was carried out using a zero-day vulnerability and is believed to be part of a broader campaign by Chinese state-sponsored hackers targeting U.S. law firms and technology companies.
The FBI’s Washington field office is investigating the breach, along with other intrusions suspected to have been carried out by the same threat actor.
The firm stated that there is no evidence that client file databases were accessed or that confidential information was extracted from other parts of the firm’s IT system. Williams and Connolly engaged the cybersecurity company CrowdStrike and the law firm Norton Rose Fulbright to support its response.
Based on the investigation, the threat actor is believed to be associated with a nation-state group linked to similar recent attacks.
Why It Matters: The incident is one of several involving law firms in the United States and is consistent with reporting about recent campaigns attributed to Chinese state-affiliated actors. These campaigns have focused on exploiting zero-day vulnerabilities across various sectors, including legal and software services. Law firms that handle politically and commercially sensitive matters are among the affected organizations.
- Zero-Day Vulnerability Used to Access Email Accounts: Williams and Connolly confirmed that the attackers gained access to a small number of attorney email accounts by exploiting a zero-day vulnerability. The firm reported that there is no indication of unauthorized access to client files or other parts of its network. In its public statement, the firm said there is no evidence that data was extracted from databases where client files are stored.
- Client Communications May Have Been Exposed: According to the firm’s notification to clients, some attorney email accounts were accessed during the incident. The firm stated that, to its knowledge, the attackers are not seeking to publish or sell any information obtained during the breach. Williams and Connolly represents a number of high-profile clients, including political figures and major corporations, and confirmed that it took steps to block the threat actor. It has not reported specific content or communications that were accessed.
- Breach Linked to Chinese State-Sponsored Actors: Two individuals briefed on the matter told The New York Times that the attack was carried out by hackers associated with the Chinese government. The FBI is investigating the breach as part of a broader pattern of activity that has affected more than a dozen law firms and technology companies in recent months. Williams and Connolly stated that the attacker is believed to be affiliated with a nation-state actor responsible for similar recent incidents.
- Broader Campaign Identified by Mandiant: In September 2025, cybersecurity firm Mandiant reported that Chinese hackers had engaged in a multi-year espionage campaign targeting institutions such as law firms and software companies. The firm stated that these operations relied on zero-day vulnerabilities and that affected organizations included entities involved in U.S. national security and international trade. Mandiant reported that since March 2025, its consultants have responded to intrusions across multiple sectors, including legal services.
- Similar Incidents Reported by Other Firms: In an earlier case in 2025, Wiley Rein, a U.S.-based law firm, informed clients that its Microsoft 365 email accounts had been compromised by attackers believed to be Chinese state-sponsored hackers. That incident was also described as focused on intelligence gathering rather than financial motives. Mandiant and Google’s Threat Intelligence Group reported that the legal sector has been among the primary targets in recent cyber operations linked to Chinese threat actors.
Go Deeper -> Chinese Hackers Said to Target U.S. Law Firms – The New York Times
Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day – SecurityWeek


