Check Point Software confirms security incident but pushes back on threat actor claims
Check Point Software confirmed it was targeted in a recent hacking attempt after a threat actor offered to sell sensitive customer information on a dark web forum. The security firm, however, pushed back against the significance of the claims, saying the incident was old and limited to a few customers.
A threat actor, identified as Coreinjection, offered to sell information on the dark web that included source code, internal network maps and user credentials, according to a LinkedIn post from Alon Gal, co-founder and CTO at Hudson Rock.
The threat actor posted screenshots from what appeared to be an admin account that had access to a Check Point portal, according to Gal’s post. The threat actor demanded $420,000 in bitcoin.
Check Point officials, however, downplayed the significance of the incident, saying it was limited to a few customers in a December incident and had been long resolved.
“This is an old, known and very pinpointed event which involved only a few organizations and portal that does not include customers’ systems, production or security architecture,” Gil Messing, chief of staff at Check Point, told Cybersecurity Dive via email Monday.
Messing said the incident was handled months earlier and didn’t match information claimed by the threat actor.
Check Point issued a security advisory on Tuesday on the scope of the incident and to help customers take additional steps.
More threat claims
The same threat actor later posted additional claims that Check Point was involved in a more recent breach in March, but a Check Point spokesperson told Cybersecurity Dive that the hacker had posted information of previously leaked “user center” credentials that were likely stolen over a period of time and gathered from various forums.
Check Point said the newly posted information was not related to any of its users and was likely collected from various forums.