Check Point Minimizes Significance of Suspected Breach

Check Point has addressed concerns following a claim by a hacker named Corelinjection, who alleges to have acquired sensitive company data. The data was reportedly gathered over time, without any breach of the company’s internal systems.

The hacker has publicly offered the stolen information for a price of 5 bitcoin, which is roughly equivalent to 400,000 euros. The announcement was made on BreachForums, where Corelinjection asserted possession of login credentials, source code, employee contact information, project documentation, and various forms of sensitive data.

Clarifications from Check Point

Despite the alarm raised by this claim, Check Point maintains that there has been no actual breach of its systems. The company suggests that the data was most likely collected using infostealer malware, which infects individual users’ devices to harvest sensitive information. This is a typical approach used by cybercriminals to acquire login details.

Check Point further posits that the hacker is propagating misleading narratives by referencing a past incident, which creates the false impression of a current security breach. The company has categorized the data being offered for sale as irrelevant, noting that it had previously investigated similar claims and found them lacking in substance. One particular piece of evidence presented by the hacker—the screenshot of an email—was identified as a fabrication, originating from a fictitious Check Point account and discussing a breach that did not occur. Additionally, the email contained a misspelled reference to Check Point.

Context of False Claims

While many high-profile hack claims are substantiated, there have been notable instances of deception. Earlier this year, the hacker group Space Bears made allegations against Atos, which the company later refuted, confirming that their IT infrastructure remained secure and no access to source code or sensitive data had been compromised.

Entities such as Check Point are often prime targets for cybercriminals due to their critical role in cybersecurity. A successful breach would not only jeopardize the company’s operations but could also facilitate attacks on their clients, as security firms possess extensive access that could yield valuable insights for attackers. This underscores the potential risks associated with infiltrations into cybersecurity organizations.

In response to these threats, Check Point is actively enhancing its security posture. The company has recently formed a partnership with Wiz, a cloud security firm that has attracted significant investment following its acquisition by Alphabet, Google’s parent company, for an estimated value of 32 billion dollars.

In terms of the MITRE ATT&CK framework, the tactics possibly at play in these scenarios include initial access via infostealer techniques, persistence through malware, and obfuscation of true intentions by generating false narratives around breaches. Understanding these tactics is crucial for businesses aiming to fortify their defenses against evolving cyber threats.
