Check Point Software Hacked: Admin Account Compromised with Sensitive Data Leaked


A threat actor known as CoreInjection has allegedly hacked Check Point Software, gaining access to an administrator account with extensive privileges. The attacker claims to have obtained:

✅ Internal network maps & architecture diagrams

✅ User credentials (hashed & plaintext passwords)

✅ Employee contact details (phone numbers, emails)

✅ Sensitive project documentation

✅ Proprietary software source code & binaries

Screenshots shared by the hacker show access to:

🔑 Admin-level API keys

🔄 Ability to edit accounts & reset 2FA

🔐 Internal application access

📜 Customer contracts & sensitive client data

You Should Know: How to Secure Your Systems Against Similar Attacks

1. Check for Compromised Credentials

Use Have I Been Pwned (HIBP) or DeHashed to verify whether your credentials appear in leaked datasets:

curl -s "https://api.dehashed.com/[email protected]" -u "API_KEY:" | jq

2. Enable Multi-Factor Authentication (MFA) Everywhere

On Linux, use Google Authenticator for CLI-based MFA:

sudo apt install libpam-google-authenticator 
google-authenticator 

Add to `/etc/pam.d/sshd`:

auth required pam_google_authenticator.so 

3. Rotate API Keys & Secrets Immediately

Use AWS Secrets Manager or HashiCorp Vault to manage keys:

aws secretsmanager rotate-secret --secret-id YOUR_SECRET_ID

4. Monitor for Unauthorized Access

Check SSH logs for brute-force attempts:

sudo grep "Failed password" /var/log/auth.log 
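The grep above only lists failures. As an added example (not part of the original post), the script below parses constructed auth.log-style lines, counts failed passwords per source address, and flags a successful login that follows repeated failures from the same source, the pattern a brute force that eventually succeeds leaves behind:

```python
import re
from collections import defaultdict

# Constructed sample lines in the classic /var/log/auth.log format (not real data).
SAMPLE_AUTH_LOG = """\
Mar 30 09:12:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 30 09:12:03 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 30 09:12:05 bastion sshd[2104]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 30 09:12:08 bastion sshd[2106]: Failed password for root from 203.0.113.7 port 51031 ssh2
Mar 30 09:12:11 bastion sshd[2108]: Failed password for root from 203.0.113.7 port 51032 ssh2
Mar 30 09:12:40 bastion sshd[2110]: Accepted password for root from 203.0.113.7 port 51040 ssh2
Mar 30 09:13:02 bastion sshd[2115]: Failed password for alice from 198.51.100.4 port 40010 ssh2
Mar 30 09:13:20 bastion sshd[2117]: Accepted publickey for alice from 198.51.100.4 port 40011 ssh2
"""

# "invalid user" is optional: sshd omits it when the account exists.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")


def analyze_auth_log(text, threshold=3):
    """Return (failures per source, sources at/over threshold,
    successful logins preceded by >= threshold failures from the same source)."""
    failures = defaultdict(int)
    suspicious_success = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, src = m.groups()
            prior = failures.get(src, 0)
            if prior >= threshold:
                suspicious_success.append((src, user, method, prior))
    brute_force = sorted(src for src, n in failures.items() if n >= threshold)
    return dict(failures), brute_force, suspicious_success


if __name__ == "__main__":
    counts, sources, hits = analyze_auth_log(SAMPLE_AUTH_LOG)
    print("failures per source:", counts)
    print("brute-force sources:", sources)
    for src, user, method, n in hits:
        print(f"[!] {src} logged in as {user} via {method} after {n} failures")
```

Feed it the real file with `analyze_auth_log(open("/var/log/auth.log").read())`; the third return value is the one worth alerting on.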

5. Implement Zero Trust Architecture

Use BeyondCorp-style access controls:

# Example: Allow only specific IPs via UFW
sudo ufw allow from TRUSTED_IP to any port 22

6. Encrypt Sensitive Data

Use GPG for file encryption:

gpg --encrypt --recipient [email protected] sensitive_file.txt 

7. Conduct a Security Audit

Run Lynis for Linux hardening:

sudo lynis audit system 

What Undercode Says

This breach highlights critical security gaps in privileged access management (PAM). Organizations must:
– Enforce MFA for all admin accounts
– Segment internal networks
– Monitor for lateral movement
– Use SIEM tools (Splunk, Wazuh)
– Regularly update incident response plans

Expected Output:

[+] MFA enforced on SSH 
[+] API keys rotated 
[+] Unauthorized login attempts logged 
[+] Sensitive files encrypted 

Reported By: Alon Gal – Hackers Feeds