US law firm hackers breached email accounts, exfiltrated data

A recent cyberattack targeted a prominent US law firm, where hackers successfully breached email accounts and exfiltrated sensitive data. This incident highlights the increasing threat landscape facing legal institutions, which often hold confidential client information and critical case data. The attackers exploited vulnerabilities to gain unauthorized access, emphasizing the need for robust cybersecurity measures within the legal sector. Organizations are urged to implement multi-factor authentication, continuous monitoring, and employee training to mitigate such risks. This breach serves as a stark reminder of the evolving tactics employed by cybercriminals and the importance of proactive defense strategies to protect sensitive communications and data assets.

This Cyber News was published on therecord.media. Publication date: Wed, 08 Oct 2025 16:40:28 +0000


Cyber News related to US law firm hackers breached email accounts, exfiltrated data

Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
1 year ago Darkreading.com LockBit
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 year ago Aws.amazon.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
1 year ago Esecurityplanet.com
10 Best Email Security Gateways in 2025 - Barracuda Email Security Gateway is a solution that helps protect organizations from email-borne threats such as spam, viruses, phishing, and other malicious content. It uses various methods, including filtering, encryption, and sandboxing, to ...
7 months ago Cybersecuritynews.com
Five best practices for securing Active Directory service accounts - Windows Active Directory (AD) service accounts are prime cyber-attack targets due to their elevated privileges and automated/continuous access to important systems. To support software-specific functions, service accounts require elevated permissions ...
7 months ago Bleepingcomputer.com
Law Firms are Raising the Bar on Cybersecurity - Corresponding with recent increases in threat actor activity in the legal industry, law firms are investing more time and attention in modernizing security operations. Both midsize and large law firms are increasingly engaging with cybersecurity ...
2 years ago Bluevoyant.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
1 year ago Cybersecuritynews.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
1 year ago Securityboulevard.com APT29
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
1 year ago Bleepingcomputer.com APT29
How Cybersecurity for Law Firms has Changed - The public nature of the legal system makes law firms particularly vulnerable to a growing number of cybersecurity risks. Law firms have unique access to highly confidential client information and as a result, face a growing number of federal, ...
1 year ago Securityboulevard.com
Essential Email and Internet Safety Tips for College Students - Your email is one of the most important digital assets and identities because it helps you create accounts on other platforms. Securing your email requires you to pay attention to your passwords, gadgets, and the links you engage with. The places you ...
1 year ago Securityboulevard.com
CISA orders agencies impacted by Microsoft hack to mitigate risks - CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. It requires them to investigate potentially ...
1 year ago Bleepingcomputer.com APT29
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
1 year ago Securityzap.com
ID Theft Service Resold Access to USInfoSearch Data - One of the cybercrime underground's more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. Since at least ...
1 year ago Krebsonsecurity.com Hunters
States Attack Young People's Constitutional Right to Use Social Media: 2023 Year in Review - Legislatures in more than half of the country targeted young people's use of social media this year, with many of the proposals blocking adults' ability to access the same sites. Courts blocked several of these laws for violating the First ...
1 year ago Eff.org
US law firm hackers breached email accounts, exfiltrated data - A recent cyberattack targeted a prominent US law firm, where hackers successfully breached email accounts and exfiltrated sensitive data. This incident highlights the increasing threat landscape facing legal institutions, which often hold ...
2 hours ago Therecord.media
City of Philadelphia discloses data breach after five months - The City of Philadelphia is investigating a data breach after attackers "May have gained access" to City email accounts containing personal and protected health information five months ago, in May. While officials discovered the incident on May 24 ...
1 year ago Bleepingcomputer.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
1 year ago Bleepingcomputer.com APT29
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
1 year ago Bleepingcomputer.com APT29
International Monetary Fund email accounts hacked in cyberattack - The International Monetary Fund disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year. This international financial institution, funded by 190 member countries, is also a major United Nations ...
1 year ago Bleepingcomputer.com
HPE: Russian hackers breached its security team's email accounts - Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight ...
1 year ago Bleepingcomputer.com Cozy Bear APT29
HPE investigates new breach after data for sale on hacking forum - Hewlett Packard Enterprise is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. The company has told ...
1 year ago Bleepingcomputer.com APT1 APT29
10 Best Anti-Phishing Tools in 2025 - What is Good?What Could Be Better?Real-time email threat detection and response using AI and machine learning.Limited customer support optionsAutomates incident response to stop phishing attacks quickly.The training module is not entirely ...
2 months ago Cybersecuritynews.com
The law enforcement operations targeting cybercrime in 2023 - In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. While some of these operations were more successful ...
1 year ago Bleepingcomputer.com
Beware: PayPal "New Address" feature abused to send phishing emails - The email includes the new address that was allegedly added to your PayPal account, including a message claiming to be a purchase confirmation for a MacBook M4, and to call the enclosed PayPal number if you did not authorize the purchase. The goal of ...
7 months ago Bleepingcomputer.com

Cyber Trends (last 7 days)