Cyber Crime

BlackCat claims the hack of the Casepoint legal technology platform used by US agencies

The BlackCat ransomware gang claims to have hacked the Casepoint legal technology platform used US agencies, including SEC and FBI.

The cybersecurity researcher Dominic Alvieri first noticed that the BlackCat ransomware gang added the company Casepoint to the list of victims on its Tor Dark Web site.

Casepoint provides a leading legal discovery platform used by several US agencies, including the SEC, FBI, and US Courts.

The gang claims to have stolen 2TB of sensitive data, belonging to lawyers, SEC, DoD, FBI, Police and more.

“We have over 2TB of very sensitive data, lawyers, SEC, DoD, FBI, Police and more. We encourage you to get in touch or we’ll start posting your data on our blog soon. We mailed you the login link.” reads the nessage published on the leak site. “We encourage you to get in touch or we’ll start posting your data on our blog soon. We mailed you the login link.”

In the event that the security breach is verified, it is reasonable to speculate that the ransomware group might have compromised sensitive and possibly classified information. The potential leakage of such data could result in significant consequences for the company’s customers.

The ransomware group shared credentials for some resources of the breached infrastructure and some images of the alleged stolen documents. The gang urges the company to start negotiating.

“We advise you to hurry up and start negotiating with us, otherwise it will be very bad for your company.” concludes the message. “We attach a new file, it’s from the FBI, just for internal forwarding.”

BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victim is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA, the US defense contractor NJVC, gas pipeline Creos Luxembourg S.A., the fashion giant Moncler, and the Swissport.

The ransom demands of the group range from a few tens of thousands of dollars up to tens of millions of dollars.

Trend Micro researchers recently shared details about an ALPHV/BlackCat ransomware incident that took place on February 2023. A BlackCat affiliate employed signed malicious Windows kernel drivers to evade detection.

The use of a Windows kernel driver, which runs with the highest privileges in the OS, allows attackers to kill any process associated with defense products.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, BlackCat)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Earth Krahang APT breached tens of government organizations worldwide

Trend Micro uncovered a sophisticated campaign conducted by Earth Krahang APT group that breached 70…

2 hours ago

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

Fortra addressed a critical remote code execution vulnerability impacting its FileCatalyst file transfer product. Fortra has released…

13 hours ago

Fujitsu suffered a malware attack and probably a data breach

Technology giant Fujitsu announced it had suffered a cyberattack that may have resulted in the…

15 hours ago

Remove WordPress miniOrange plugins, a critical flaw can allow site takeover

A critical vulnerability in WordPress miniOrange's Malware Scanner and Web Application Firewall plugins can allow…

21 hours ago

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

Resecurity reported about the increasing wave of cyber incidents targeting the aerospace and aviation sectors.…

24 hours ago

Email accounts of the International Monetary Fund compromised

Threat actors compromised at least 11 International Monetary Fund (IMF) email accounts earlier this year,…

1 day ago

This website uses cookies.