The CNF October 22, 2025 forensic report details a coordinated Advanced Persistent Threat campaign targeting Florida’s legal and judicial digital infrastructure. CNF’s analysis of DNS records, registrar changes, portal logs, email metadata, and endpoint telemetry shows that threat actors infiltrated the Florida Bar employee and membership portals and the MyFLCourtAccess e-filing system, harvesting credentials and submitting unauthorized filings. The activity was precisely synchronized with DNS and registrar manipulation, including typosquat domains, AWS Route 53 control, and adversary-in-the-middle email interception. CNF correlates these intrusions with procedural anomalies and case disruptions in state and federal courts, characterizing the operation as “procedural cyber warfare.” Controlled tests confirmed active monitoring and rapid attacker response. With high confidence, CNF attributes the campaign to a templated APT consistent with Wizard Spider/Conti tradecraft, aligned with infrastructure identified in Microsoft’s federal litigation.
