Zero-day lets nation-state spies cross-examine elite US law firm Williams & Connolly

Washington's elite law firm Williams & Connolly has confirmed that attackers exploited a zero-day vulnerability to access a handful of attorney email accounts in what it believes was a nation-state-linked cyberattack.

In a statement, the firm said it "recently discovered a cybersecurity incident involving access to certain systems on our network," and that the attackers had "leveraged what is known as a zero-day attack." It added that, based on an investigation conducted with CrowdStrike, the threat actor was affiliated with a nation-state group "responsible for recent attacks on a number of law firms and companies."

Williams & Connolly stated that there was no evidence that confidential client data had been extracted from its databases, which store sensitive case files.

Williams & Connolly added that it had "blocked the threat actor" and found "no evidence of any unauthorized traffic" remaining on its network.

The breach is particularly sensitive given the ...