SEC, US Courts, and DoD legal platform allegedly breached

Casepoint, a legal technology platform used by the United States Courts, the Securities and Exchange Commission (SEC), and the Department of Defense (DoD), was posted on a dark web blog run by cybercriminals.

Russia-linked ransomware cartel ALPHV/BlackCat posted Casepoint on their dark web blog, which criminals use to showcase their latest victims. Cybercrooks claim they’ve stolen 2TB of sensitive data.

We have reached out to Casepoint and its media contact for comment but did not receive a reply before publishing this article.

The ALPHV/BlackCat blog post says crooks took company data, attorney files, and other sensitive information. The attackers included several screenshots of the supposedly stolen data, including what appears to be a legal agreement and a government ID.

Casepoint on the gang's dark web blog. Image by Cybernews.

Casepoint is a popular legal technology firm used by legal departments, law firms, and public agencies to navigate through data. Users upload documents to Casepoint's cloud database, where the input is processed for smoother analysis.

The company boasts many high-profile clients such as the United States Courts, SEC, DoD, the US National Credit Union Administration (NCUA), hotel operator Marriott, German industrial giant ThyssenKrupp, academic medical center Mayo Clinic, railway operator BNSF Railway, and others.

ALPHV/BlackCat seems to have been focusing on professional service providers recently. Last week, the gang said it breached Mazars Group, an international audit, accounting, and consulting firm.

What is ALPHV/BlackCat ransomware?

ALPHV/BlackCat ransomware was first observed in 2021. Like many others in the criminal underworld, the group operates a ransomware-as-a-service (RaaS) business, selling malware subscriptions to criminals.

The gang was noted for its use of the Rust programming language. According to an analysis by Microsoft, threat actors that began deploying it were known to work with other prominent ransomware families such as Conti, LockBit, and REvil.

The FBI believes that money launderers for the ALPHV/BlackCat cartel are linked to the DarkSide and BlackMatter ransomware cartels, indicating that the group has a well-established network of operatives in the RaaS business.

Lately, ALPHV/BlackCat has been among the most active ransomware gangs. According to cybersecurity analyst ANOZR WAY, the group was responsible for approximately 12% of all attacks in 2022.
