Legal technology platform Casepoint suffers a ransomware attack

Casepoint, a widely-used legal technology platform has recently become the target of a hacker group known as ALPHV/BlackCat.

ALPHV/BlackCat shared news of their successful breach of Casepoint on their dark web blog, where cybercriminals flaunt their latest victims. The group claims to have accessed 2TB of sensitive data, including company data, attorney files, and other confidential information. Screenshots accompanying their blog post depict what appears to be stolen legal agreements and a government ID.

Casepoint is renowned for providing state-of-the-art legal technology solutions to legal departments, law firms, and public agencies. The platform’s customers include the United States Courts, the Security Exchanges Commission (SEC), the Department of Defense (DoD), and the US National Credit Union Administration (NCUA), among others.

Recent developments indicate that ALPHV/BlackCat has shifted its focus towards targeting professional service providers. Notably, they announced a successful breach of Mazars Group, an internationally recognised audit, accounting, and consulting firm. This shift suggests the cybercrime group’s expanding reach and its intent to target organisations across various industries.

ALPHV/BlackCat came online around 2021, with the group claiming responsibility for over 60 major cyberattacks since then. They operate as a ransomware-as-a-Service (RaaS) business. Similar to other groups, they sell malware subscriptions to other criminals. What sets them apart is their utilisation of the Rust Programming language, as noted in Microsoft’s analysis. This language choice discloses their possible association with other prominent ransomware families such as Conti, LockBit, and REvil.