Law firm Williams & Connolly said state-sponsored hackers breached some of its systems and gained access to attorney email accounts.
The prominent Washington, DC-based law firm is known for representing political figures and government officials, including Barack Obama and the Clintons, as well as major companies such as Intel, Samsung, Google, Disney, and Bank of America.
According to a statement issued by the company, an investigation conducted with the assistance of CrowdStrike showed that the hackers exploited an unspecified zero-day vulnerability to gain access to a “small number” of attorneys’ email accounts.
The probe showed that the attack was likely the work of a state-sponsored hacker group known to have recently targeted law firms and other companies.
Williams & Connolly said there was no evidence that confidential client data was stolen or that other parts of its IT system had been compromised.
While the company’s statement does not mention China, The New York Times learned that Chinese hackers targeted Williams & Connolly, along with other law firms.
The publication also learned that Williams & Connolly has been telling clients that the hackers are unlikely to sell or publish the information they obtained.
It’s unclear if they are related, but Google’s Threat Intelligence Group and Mandiant reported recently that China-linked cyberespionage groups have targeted the legal services sector, including through the exploitation of zero-day vulnerabilities. The hackers spent, on average, nearly 400 days in the targeted networks.
A Chinese threat actor is also believed to be behind a recent campaign targeting entities involved in US-China relations, economic policy, and international trade. In some cases the hackers impersonated a US lawmaker to deliver their malware.
Earlier this year, another powerful American law firm, Wiley Rein, told customers that Microsoft 365 email accounts were hacked by Chinese nation-state hackers whose apparent goal was intelligence gathering. Wiley Rein also serves major companies and the US government.
Related: Marketing, Law Firms Say Data Breaches Impact Over 200,000 People
Related: Law Firm Data Breach Impacts 300,000 Presbyterian Healthcare Patients
Related: Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected
