#CheckPoint Research noticed a surge in #darknet campaigns #recruiting insiders at banks, crypto exchanges, telecoms, and major tech firms to sell access and data. Listings advertise payouts of $3,000 to $15,000, offer datasets like 37 million records for $25,000, and solicit telecom staff for SIM swapping to bypass two-factor authentication.

https://blog.checkpoint.com/research/cyber-criminals-are-recruiting-insiders-in-banks-telecoms-and-tech/

Cyber Criminals Are Recruiting Insiders in Banks, Telecoms, and Tech

Check Point Blog

#CheckPoint Research analyzed #GachiLoader, a Node.js–based #malware loader observed in a campaign linked to the #YouTube #GhostNetwork. The campaign is notable for extensive obfuscation and a previously undocumented PE injection technique. GachiLoader deploys a second-stage loader, #Kidkadi, which abuses Vectored Exception Handling (VEH) in a novel method, dubbed Vectored Overloading.

https://research.checkpoint.com/2025/gachiloader-node-js-malware-with-api-tracing/

GachiLoader: Defeating Node.js Malware with API Tracing

Check Point Research exposes GachiLoader, a Node.js loader in the YouTube Ghost Network, and shows how API tracing defeats its obfuscation.

Check Point Research

#CheckPoint Research revealed a sophisticated wave of attacks attributed to the Chinese #threat actor #InkDragon, which targets European governments while continuing campaigns in Southeast Asia and South America. The threat actor converts compromised #IIS servers into relay nodes with #ShadowPad, exploits predictable configuration keys for access, and deploys a new #FinalDraft #backdoor for exfiltration and lateral movement.

https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/

Ink Dragon's Relay Network and Stealthy Offensive Operation

Check Point Research tracks a sustained, highly capable espionage cluster, which we refer to as Ink Dragon, and is referenced in other reports as CL-STA-0049, Earth Alux, or REF7707. This cluster is assessed by several vendors to be PRC-aligned. Since at least early 2023, Ink Dragon has repeatedly targeted government, telecom, and […]

Check Point Research

For the latest discoveries in cyber research for the week of 22nd December, please download our Threat Intelligence Bulletin from #CheckPoint Research. It covers the top breaches, threat actors and threat intelligence you need to know this week.

https://research.checkpoint.com/2025/22nd-december-threat-intelligence-report/

#cybersecurity

22nd December – Threat Intelligence Report - Check Point Research

For the latest discoveries in cyber research for the week of 22nd December, please download our Threat Intelligence Bulletin. Top attacks and breaches: the adult content platform PornHub has disclosed a data breach linked to analytics provider Mixpanel. The breach exposed more than 200 million records related to Premium users, including email addresses, search, watch, […]

Check Point Research

Google just lost its “trusted sender” advantage.

Our Email Security researchers uncovered a phishing campaign abusing Google Cloud Application Integration to send emails that look like routine Google notifications — and they’re landing straight in inboxes.

No spoofing. No fake domains. Just trusted infrastructure used against users.

👉 See how it works, who’s being targeted, and why it’s so hard to detect: https://blog.checkpoint.com/research/phishing-campaign-leverages-trusted-google-cloud-automation-capabilities-to-evade-detection/

#CheckPoint #CyberSecurity #Phishing #ThreatResearch

Phishing Campaign Leverages Trusted Google Cloud Automation Capabilities to Evade Detection

Check Point Blog

Join the conversation! This week a CheckMate posed an interesting question about site-to-site VPN outgoing route selection.

We want your input! Share your insights with the community and see if you have a solution to this community-based inquiry!

Take a look at the post here: https://community.checkpoint.com/t5/Security-Gateways/About-site-to-site-VPN-outgoing-route-selection/m-p/265603#M52323

#CheckPoint #VPN #CheckMates #Postoftheweek

About site-to-site VPN outgoing route selection

This is more of an academic question, rather than me having an issue I would like to solve. There are 2 interesting settings in the "outgoing route selection" section of the "IPSec VPN > Link Selection" panel: 1. Setup: When responding to a remotely initiated tunnel, determine the outgoing interfa...

Check Point CheckMates

UNG0801: Tracking Threat Clusters obsessed with AV Icon Spoofing targeting Israel

An analysis of threat clusters, dubbed UNG0801 or Operation IconCat, targeting Israeli organizations. The actors use socially engineered phishing lures in Hebrew, exploiting antivirus icon spoofing from well-known vendors like SentinelOne and Check Point. Two distinct infection chains were identified, both utilizing AV-themed decoys dropped by malicious Word and PDF documents. The first campaign deploys a PyInstaller-based implant called PYTRIC, capable of system-wide wipes and backup deletion. The second campaign uses a Rust-based implant named RUSTRIC, focusing on antivirus enumeration and system information gathering. Both campaigns share similar tactics but differ in their ultimate objectives, with the first aimed at destruction and the second at espionage.

Pulse ID: 69497ab14e1d473cf9e65693
Pulse Link: https://otx.alienvault.com/pulse/69497ab14e1d473cf9e65693
Pulse Author: AlienVault
Created: 2025-12-22 17:06:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CheckPoint #CyberSecurity #Espionage #ICS #InfoSec #Israel #OTX #OpenThreatExchange #PDF #Phishing #RAT #Rust #SentinelOne #Word #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Cyber criminals pay up to $15,000 for insider access to corporate systems

Darknet forums offer employees of banks, telecommunications and technology companies $3,000 to $15,000 for confidential data and system access. Insider recruitment is rising sharply.

All About Security, the online magazine for cybersecurity: ransomware, phishing, IT security, network security, AI, threats, DDoS, identity & access, platform security

Have you heard?! #CheckMates is turning 9 years old!

To celebrate our 9th birthday, we asked 9 questions to some of the leaders behind the scenes. Take a look at 9 fast facts from our Head of #Community, Val Loukine.

Join us for #CheckMatesFest 2026, our 9th Birthday Celebration, with community recognitions, exciting raffles, and a special greeting from our CEO.

Register here: https://checkpoint.zoom.us/webinar/register/3117654458096/WN_3F5pHP-JTlmSHy3pv_kOUQ

#Cybersecurity #Checkpoint

Welcome! You are invited to join a webinar: CheckMates Fest 2026! After registering, you will receive a confirmation email about joining the webinar.

Join us on January 14, 2026, for CheckMates Fest! Here’s what we’re lining up for you:

- A celebration of the community achievements in 2025
- Insights from Nadav and our R&D leaders on exciting innovations
- An exclusive sneak peek at the upcoming roadmap
- The traditional "Ask Me Anything" session with R&D
- Overview of our MVP program and celebration of the 2025 champions
- And more!

We can’t wait to see you there!

Zoom

#CheckPoint researchers revealed a #phishing campaign where attackers impersonate file-sharing and e-signature services to deliver finance-themed lures that look like legitimate notifications. The attackers sent over 40,000 phishing emails targeting roughly 6,100 customers over the past two weeks, abusing Mimecast’s secure-link rewriting feature as a smokescreen to make their links appear safe and authenticated.

https://blog.checkpoint.com/email-security/40000-phishing-emails-disguised-as-sharepoint-and-and-e-signing-services-a-new-wave-of-finance-themed-scams/

40,000 Phishing Emails Disguised as SharePoint and e-Signing Services: A New Wave of Finance-Themed Scams

Check Point Blog