Major US law firms targeted by Chinese hackers: Report
Small number of attorney email accounts accessed through zero-day attack, says law firm Williams & Connolly
ISTANBUL
Chinese hackers have infiltrated the computer systems of several major US law firms, including Washington-based Williams & Connolly, according to a New York Times report on Tuesday.
Williams & Connolly told clients that its systems had been breached and that hackers may have accessed some client emails, the report said, citing two people briefed on the matter.
The company is one of the United States’ most prominent law firms, known for representing senior American politicians such as former Presidents Bill Clinton and George W. Bush.
According to sources, the FBI’s Washington field office is investigating the intrusion, along with similar hacks allegedly carried out by the same group of Chinese cyber actors. The same hackers are suspected of targeting more than a dozen other law firms and technology companies in recent months.
The FBI has not publicly commented on the ongoing investigation.
In a statement to the New York Times, Williams & Connolly said a “small number” of its lawyers’ email accounts had been accessed through a so-called zero-day attack — a method exploiting previously unknown software vulnerabilities.
“Importantly, there is no evidence that confidential client data was extracted from any other part of our IT system, including from databases where client files are stored,” the firm said. “We have taken steps to block the threat actor, and there is now no evidence of any unauthorized traffic on our network.”
The firm, which has a reputation for aggressively defending its clients in high-profile cases, has hired cybersecurity firm CrowdStrike and the law firm Norton Rose Fulbright to assist with the investigation and response.
CrowdStrike’s preliminary findings indicate that the attackers are affiliated with a nation-state actor linked to a broader campaign targeting US law firms and companies, Williams & Connolly said.
In September, cybersecurity company Mandiant said in a report that Chinese hackers had been engaged in a years-long espionage operation using zero-day vulnerabilities to collect intelligence from institutions such as law firms.
Williams & Connolly has sought to reassure clients that, to its knowledge, the hackers do not intend to sell or publicly release any of the information obtained during the breach.
Anadolu Agency website contains only a portion of the news stories offered to subscribers in the AA News Broadcasting System (HAS), and in summarized form. Please contact us for subscription options.
