BlackCat claims the hack of the Casepoint legal technology platform used by US agencies

The BlackCat ransomware gang claims to have hacked the Casepoint legal technology platform used US agencies, including SEC and FBI.

The cybersecurity researcher Dominic Alvieri first noticed that the BlackCat ransomware gang added the company Casepoint to the list of victims on its Tor Dark Web site.

Casepoint provides a leading legal discovery platform used by several US agencies, including the SEC, FBI, and US Courts.

The gang claims to have stolen 2TB of sensitive data, belonging to lawyers, SEC, DoD, FBI, Police and more.

“We have over 2TB of very sensitive data, lawyers, SEC, DoD, FBI, Police and more. We encourage you to get in touch or we’ll start posting your data on our blog soon. We mailed you the login link.” reads the nessage published on the leak site. “We encourage you to get in touch or we’ll start posting your data on our blog soon. We mailed you the login link.”

In the event that the security breach is verified, it is reasonable to speculate that the ransomware group might have compromised sensitive and possibly classified information. The potential leakage of such data could result in significant consequences for the company’s customers.

The ransomware group shared credentials for some resources of the breached infrastructure and some images of the alleged stolen documents. The gang urges the company to start negotiating.

“We advise you to hurry up and start negotiating with us, otherwise it will be very bad for your company.” concludes the message. “We attach a new file, it’s from the FBI, just for internal forwarding.”

BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victim is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA, the US defense contractor NJVC, gas pipeline Creos Luxembourg S.A., the fashion giant Moncler, and the Swissport.

The ransom demands of the group range from a few tens of thousands of dollars up to tens of millions of dollars.

Trend Micro researchers recently shared details about an ALPHV/BlackCat ransomware incident that took place on February 2023. A BlackCat affiliate employed signed malicious Windows kernel drivers to evade detection.

The use of a Windows kernel driver, which runs with the highest privileges in the OS, allows attackers to kill any process associated with defense products.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, BlackCat)