Dive Brief:
- Check Point Software Technologies is warning its customers that malicious actors are attempting to hack a small number of them by targeting old VPN local accounts with password-only authentication methods, according to a blog post released Monday.
- The company has been monitoring attempts to gain unauthorized access to these accounts following months of high-profile attacks in the U.S. and elsewhere involving threat groups hacking into remote access VPN environments.
- Check Point said it assembled a team of incident response, product and technical service experts and identified a few other customers that were targeted by similar methods. As of Friday, a total of three attempts have been identified globally. The company continues to investigate and will provide updates when additional information is learned.
Dive Insight:
The attacks on Check Point customers follow months of threat activity targeting organizations that use VPN devices for secure remote access.
State-linked threat groups have targeted a number of vendors, exploiting critical vulnerabilities in attacks against organizations using edge devices.
As previously reported, vendors including Cisco, Ivanti and others have been targeted in recent months by hackers going after organizations that use vulnerable edge devices.
Volt Typhoon, a threat group linked to the People’s Republic of China, has also been tied to extensive targeting of critical infrastructure in the U.S.
Check Point Software Chief of Staff Gil Messing said the company sent a letter to customers last week about the attacks and the company will provide additional updates as it learns more information.
“Old, unused accounts with password only are an unrecommended cyber hygiene habit,” Messing said.
The company released a hotfix that customers can download in order to block this type of activity.
The company declined to provide specifics about where the customers are located, but said government cybersecurity authorities have been notified about the incidents.