Check Point Software Technologies, a prominent Israeli cybersecurity firm, confirmed a data breach attributed to the threat actor known as "CoreInjection".
Check Point Breached Through Compromised Portal Account
Threat actor claims theft of internal docs, credentials, and source code.
What is the attack?
The actor claimed to have exfiltrated sensitive data including internal documentation, credentials, source code, network diagrams, and employee contact information. This dataset is allegedly being sold for 5 Bitcoin.
While Check Point acknowledged the breach, it described the incident as an outdated event from December 2024 with limited impact, emphasizing that no production environments or customer-facing systems were compromised.
Why did it get through?
The breach originated from the compromise of a portal account with limited access. The compromised credentials allowed access to three organizations' tenants within a Check Point portal.
According to the company, this portal does not provide access to customer systems, production environments, or sensitive architecture.
The exposed data reportedly includes account names, product names, employee emails, and contact details—not more sensitive operational or source code assets, as claimed by the threat actor.
What is required to solve for this attack?
Enforce strong multi-factor authentication (MFA) across all internal portals, especially those with partner or tenant access.
Deploy real-time monitoring and anomaly detection for user behaviors and portal access.
Conduct routine security assessments on all externally accessible systems, especially third-party portals.