Chinese hackers infiltrated a major law firm.

Summary

By the CyberWire staff

Chinese hackers infiltrated a major law firm.

Williams & Connolly informed its clients that their computer systems had been infiltrated and that the attackers may have been able to access client emails. Sources believe that the attack may involve more than a dozen victims. The FBI's Washington field office is assisting in investigating the incident, and the law firm has engaged CrowdStrike and outside counsel Norton Rose Fulbright to assist with the response. Additionally, the firm stated that the intrusion has been contained.

Reportedly, the attackers accessed email accounts through a zero-day vulnerability. According to Mandiant, the campaign aligns with a larger Chinese espionage effort that is looking for intelligence on US national security and trade issues.

In a statement, the firm wrote:

"Importantly, there is no evidence that confidential client data was extracted from any part of our IT system, including from databases where client files are stored. We have taken steps to block the threat actor, and there is now no evidence of any unauthorized traffic on our networks."

EU Chief warns that Russia is at 'hybrid war' with Europe.

European Commission President Ursula von der Leyen warned that Russia is engaging in a "hybrid war" against Europe. President von der Leyen cited coordinated cyberattacks, sabotage, and provocations targeting many EU member states. Additionally, she pointed out airspace violations and drone incursions, describing the incidents as part of a deliberate effort "to unsettle our citizens, test our resolve, and weaken our support for Ukraine."

In response to these incidents, President von der Leyen emphasized the need for a new security strategy that aims to strengthen rapid cyber response and protect critical infrastructure.

New, stealthy malware, "Lojax," is being deployed by Fancy Bear.

ESET researchers have discovered a new malware, dubbed "Lojax," which is actively infecting a computer's UEFI firmware. Attributed to APT28, also known as the Russian hacking group Fancy Bear, Lojax embeds itself into firmware, enabling it to remain even after hard drive replacement or OS reinstalls. With this access, attackers can gain deep, persistent control over machines and potentially access networked systems and data.

Experts recommend enabling Secure Boot and updating firmware to block infection. If compromised, users may need to reflash or replace the motherboard entirely.

Notes.

Today's issue includes events affecting the European Union, the People's Republic of China, Russia, and the United States.

Attacks, Threats, and Vulnerabilities

Salesforce refuses to pay ransom over widespread data theft attacks (BleepingComputer) Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that impacted the company's customers this year.

Security Patches, Mitigations, and Software Updates

Microsoft kills more Microsoft Account bypasses in Windows 11 (BleepingComputer) Microsoft is removing more methods that help users create local Windows accounts and bypass the Microsoft account requirement when installing Windows 11.

Trends

Employees regularly paste company secrets into ChatGPT (The Register) Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.

Marketplace

DataTribe Announces Finalists for Eighth Annual Cybersecurity Startup Challenge (DataTribe) Five Finalists Will Receive Messaging and Go-To-Market Coaching Before Presenting to an Expert Panel of Judges and an Audience of Prospective Investors and Customers.

SINET Announces the 2025 SINET16 Innovator Awards (Business Wire) Winners were selected from a pool of 193 applications from 19 countries this year, all companies with under $15 million in revenue.

Research and Development

Fraud Costs Businesses Nearly 8% of Their Equivalent Revenues Globally, TransUnion Reports (Fraud Costs Businesses Nearly 8% of Their Equivalent Revenues Globally, TransUnion Reports ) Fraud is draining business resources at an alarming and unprecedented rate. According to TransUnion’s (NYSE: TRU) newly released H2 2025 Update to the Top Fraud Trends Report, companies worldwide lost 7.7% of their annual revenue on average due to fraud over the past year, representing an estimated $534 billion across the 1,200 business leader...

Legislation, Policy, and Regulation

One-man spam campaign ravages EU ‘chat control’ bill (POLITICO) A software developer from Denmark is having an outsized influence on a hotly debated law to break open encrypted apps.

Litigation, Investigation, and Law Enforcement

Teens arrested in London preschool ransomware attack (The Register) London cops on Tuesday arrested two teenagers on suspicion of computer misuse and blackmail following a ransomware attack on a chain of London preschools.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

Don’t miss Jen Easterly, former CISA Director, headlining HIP Conf 25 (Charleston, SC, USA, Oct 7 - 9, 2025) Jen Easterly, former CISA Director, keynotes HIP Conf 2025. A globally recognized cybersecurity leader, Easterly brings unmatched insight into hybrid identity security and resilience. Register now for this must-attend event.

AI Agent Security Summit in San Francisco (San Franciso, California, USA, Oct 8, 2025) After launching in NYC, the AI Agent Security Summit heads to San Francisco to continue shaping how enterprises secure the next wave of AI. On Wednesday, October 8, join us at the historic Commonwealth Club in San Francisco.

Uniting Women in Cyber 2025 (Crystal City, Virginia, USA, Oct 9, 2025) UWIC is the premier event for cybersecurity leaders, professionals, and aspiring practitioners. Connect with a vibrant community focused on emerging global trends, technological advancements, and workforce development. Attend UWIC 2025 to learn, share ideas, and expand your professional network!

AFRL Space Cyber Summit (Albuquerque, New Mexico, USA, Oct 15 - 16, 2025) The AFRL Space Cyber Summit is an annual event hosted by the Air Force Research Laboratory (AFRL) to bring together experts from government, academia, and industry to advance space cyber expertise and technologies, foster community-wide collaboration, and anticipate future technology growth in a cyber-contested space domain. The summit aims to develop cyber-secure systems for space, protect against evolving threats, and identify opportunities for collaboration and innovation.

ISC2 Security Congress 2025 (Nashville + Virtual, Tennessee, USA, Oct 29 - 31, 2025) Join thousands of cybersecurity experts at ISC2 Security Congress 2025 and help lead the future of our connected world. Gain the insights you need to stay ahead of the evolving digital landscape. From innovative software to new security strategies, ISC2 Security Congress 2025 is designed to ensure you can navigate tomorrow’s threats.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 10.08.25

Top stories.

Chinese hackers infiltrated a major law firm.

EU Chief warns that Russia is at 'hybrid war' with Europe.

New, stealthy malware, "Lojax," is being deployed by Fancy Bear.

Notes.

Attacks, Threats, and Vulnerabilities

Security Patches, Mitigations, and Software Updates

Trends

Marketplace

Research and Development

Legislation, Policy, and Regulation

Litigation, Investigation, and Law Enforcement

Events