BlackCat Hacks Major U.S. Legal Platform

This post is also available in: עברית (Hebrew)

Legal technology platform Casepoint was allegedly hacked by a ransomware group called ALPHV/BlackCat and announced it has activated its incident response protocols. The attackers posted additional sensitive data in response.

This platform is used by the United States Courts, the US Security Exchanges Commission (SEC), and the Department of Defense (DoD). And while the attack has not been officially confirmed, the security measures taken hint at a risk of a breach.

“On Tuesday, May 30th, Casepoint activated our incident response protocols and engaged an external forensic firm to help us investigate a potential incident and to serve as an extra set of eyes on the remediation work we’ve already performed to date,” the company told Cybernews.

Meanwhile, ALPHV/Blackcat posted extremely sensitive data allegedly related to Casepoint and other sensitive details.

According to Cybernews, ALPHV/Blackcat is a ransomware group first observed in 2021, that operates a ransomware-as-a-service (RaaS) business, selling malware subscriptions to criminals. The gang claims that they stole 2TB of data, including sensitive information from various lawyers, SEC, DoD, FBI, Police, and other organizations. “You don’t have to do forensics to know that we were in your network. Here’s the proof,” the cybercriminals said.

According to cybersecurity analyst ANOZR WAY, ALPHV/BlackCat has been among the most active ransomware gangs and was responsible for approximately 12% of all attacks in 2022.

Casepoint’s spokesperson said: “We are early on in our investigation and are committed to keeping our clients informed as we learn more. We’re on top of it, and we know that transparency and proactivity are key to a good response to these types of matters.”