Washington, D.C— Williams & Connolly, one of the United States’ most influential law firms, has notified clients that Chinese hackers infiltrated parts of its computer network — a breach now under investigation by the FBI’s Washington field office, according to people briefed on the matter.
The intrusion is believed to be part of a larger Chinese cyber-espionage campaign aimed at penetrating the American legal sector and acquiring sensitive information tied to U.S. national security and trade negotiations. Officials familiar with the case said the FBI is investigating not only the Williams & Connolly breach but also a string of similar hacks that have targeted more than a dozen law firms and technology companies in recent months. The individuals discussed the investigation on condition of anonymity, citing the sensitivity of an ongoing federal probe.
High-Profile Clients, High Stakes
Founded in Washington and known for its aggressive litigation strategies, Williams & Connolly has represented some of the most powerful figures in American politics — including Bill and Hillary Clinton. The firm also gained attention during the Trump administration for representing firms that were subject to the former president’s punitive executive orders.
In a message to clients, the firm said that, to its knowledge, the hackers have not attempted to leak or sell any stolen information. However, it acknowledged that a small number of attorney email accounts were compromised, potentially exposing some client communications.
“During the incident, a limited number of Williams & Connolly attorney email accounts were accessed by leveraging a zero-day attack,” the firm said. “Importantly, there is no evidence that confidential client data was extracted from any other part of our IT system, including from databases where client files are stored.”
The firm added that it has since blocked the threat actor and found no further signs of unauthorized activity.
FCRF Launches CCLP Program to Train India’s Next Generation of Cyber Law Practitioners
A Pattern of Chinese Espionage
In September, cybersecurity firm Mandiant revealed that Chinese hacking groups have been conducting a multi-year espionage campaign, exploiting zero-day vulnerabilities to harvest intelligence from law firms and corporations.
“Since March 2025, Mandiant Consulting has responded to intrusions across multiple industries — most notably legal services and software companies,” the firm wrote in its September report. “Based on current evidence, the targeting of the U.S. legal sector appears primarily aimed at gathering information related to U.S. national security and international trade.”
CrowdStrike and Norton Rose Fulbright Step In
To contain the fallout and strengthen its cyber defenses, Williams & Connolly has hired cybersecurity firm CrowdStrike and law firm Norton Rose Fulbright.
In a joint statement, the firm said:
“Based on the firm’s investigation, conducted in conjunction with cyber experts at CrowdStrike, the threat actor is believed to be affiliated with a nation-state group responsible for recent attacks on several law firms and corporations.”
The incident has heightened concerns in Washington about the vulnerability of sensitive legal data — much of which intersects with matters of national policy, defense, and diplomacy — to foreign cyber operations.
