#Checkpoint

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-24

#CheckPoint Research revealed a sophisticated wave of attacks attributed to the Chinese #threat actor #InkDragon, which targets European governments while continuing campaigns in Southeast Asia and South America. The threat actor converts compromised #IIS servers into relay nodes with #ShadowPad, exploits predictable configuration keys for access, and deploys a new #FinalDraft #backdoor for exfiltration and lateral movement.

research.checkpoint.com/2025/i

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-24

For the latest discoveries in cyber research for the week of 22nd December, please download our Threat Intelligence Bulletin from #CheckPoint Research. It covers the top breaches, threat actors and threat intelligence you need to know this week.

research.checkpoint.com/2025/2

#cybersecurity

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-23

Google just lost its “trusted sender” advantage.

Our Email Security researchers uncovered a phishing campaign abusing Google Cloud Application Integration to send emails that look like routine Google notifications — and they’re landing straight in inboxes.

No spoofing. No fake domains. Just trusted infrastructure used against users.

👉 See how it works, who’s being targeted, and why it’s so hard to detect: blog.checkpoint.com/research/p

#CheckPoint #CyberSecurity #Phishing #ThreatResearch

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-23

Join the conversation! This week a CheckMate posed an interesting question about site-to-site VPN outgoing route selection.

We want your input! Share your insights with the community and see if you have a solution to this community-based inquiry!

Take a look at the post here: community.checkpoint.com/t5/Se

#CheckPoint #VPN #CheckMates #Postoftheweek

2025-12-23

UNG0801: Tracking Threat Clusters obsessed with AV Icon Spoofing targeting Israel

An analysis of threat clusters, dubbed UNG0801 or Operation IconCat, targeting Israeli organizations. The actors use socially engineered phishing lures in Hebrew, exploiting antivirus icon spoofing from well-known vendors like SentinelOne and Check Point. Two distinct infection chains were identified, both utilizing AV-themed decoys dropped by malicious Word and PDF documents. The first campaign deploys a PyInstaller-based implant called PYTRIC, capable of system-wide wipes and backup deletion. The second campaign uses a Rust-based implant named RUSTRIC, focusing on antivirus enumeration and system information gathering. Both campaigns share similar tactics but differ in their ultimate objectives, with the first aimed at destruction and the second at espionage.

Pulse ID: 69497ab14e1d473cf9e65693
Pulse Link: otx.alienvault.com/pulse/69497
Pulse Author: AlienVault
Created: 2025-12-22 17:06:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CheckPoint #CyberSecurity #Espionage #ICS #InfoSec #Israel #OTX #OpenThreatExchange #PDF #Phishing #RAT #Rust #SentinelOne #Word #bot #AlienVault

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-19

Have you heard?! #CheckMates is turning 9 years old!

To celebrate our 9th birthday, we asked 9 questions to some of the leaders behind the scenes. Take a look at 9 fast facts from our Head of #Community, Val Loukine.

Join us for #CheckMatesFest 2026, our 9th Birthday Celebration, with community recognitions, exciting raffles, and a special greeting from our CEO.

Register here: checkpoint.zoom.us/webinar/reg

#Cybersecurity #Checkpoint

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-18

#CheckPoint researchers revealed a #phishing campaign where attackers impersonate file-sharing and e-signature services to deliver finance-themed lures that look like legitimate notifications. The attackers sent over 40,000 phishing emails targeting roughly 6,100 customers over the past two weeks, abusing Mimecast’s secure-link rewriting feature as a smokescreen to make their links appear safe and authenticated.

blog.checkpoint.com/email-secu

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-18

Happy hump day! We’re celebrating our one and only #CheckMates MVP, Danny Jung.

If you’ve been in the #community for a while, Danny’s name should sound familiar. A former CheckMates Champion, he’s behind some of the most popular tools and posts in the community, including the legendary CCC – Common #CheckPoint Commands: community.checkpoint.com/t5/Sc

Congratulations, Danny, on your Platinum MVP status. Can’t wait to celebrate you at #CheckMatesFest: checkpoint.zoom.us/webinar/reg

#CyberSecurity

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-17

#CheckPoint Research exposed #ValleyRAT’s modular system, including a kernel-mode #rootkit that can remain loadable on fully updated #Windows 11 despite built-in protections. The research linked leaked builder artifacts to plugins and identified about 6,000 samples, with roughly 85 percent emerging in the last six months after the builder’s public release.

research.checkpoint.com/2025/c

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-17

For the latest discoveries in cyber research for the week of 15th December, please download our Threat Intelligence Bulletin from #CheckPoint Research.

research.checkpoint.com/2025/1

#cybersecurity #ThreatIntel

2025-12-16

Ink Dragon's Relay Network and Stealthy Offensive Operation

Check Point Research has identified a new wave of attacks by the Chinese threat actor Ink Dragon, targeting government entities in Europe, Southeast Asia, and South America. The actor builds a victim-based relay network using a custom ShadowPad IIS Listener module, turning compromised servers into active nodes within a distributed mesh. Ink Dragon continues to exploit IIS misconfigurations for initial access and is evolving its operations with new TTPs and tools, including a new variant of FinalDraft malware. The group's campaigns combine software engineering, disciplined operational playbooks, and the use of platform-native tools to blend into normal enterprise telemetry, making their intrusions both effective and stealthy.

Pulse ID: 694173593290d291f99fc0c7
Pulse Link: otx.alienvault.com/pulse/69417
Pulse Author: AlienVault
Created: 2025-12-16 14:57:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #CheckPoint #Chinese #CyberSecurity #Europe #Government #InfoSec #Malware #OTX #OpenThreatExchange #RAT #ShadowPad #SouthAmerica #bot #AlienVault

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-16

#CheckPoint Research reports a global rise in cyber attacks in November 2025, averaging 2,003 weekly attempts per organization, with education the most targeted sector and rising exposure from generative AI. 727 ransomware incidents were recorded, a 22% increase YoY, with North America accounting for 55% of cases and industrial manufacturing being the top victim industry.

blog.checkpoint.com/research/g

#cyberattacks #genAI

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-16

🎄 Waiting on a holiday delivery? So are scammers.

#CheckPoint researchers uncovered a massive wave of AI-generated holiday scams disguised as festive emojis, fake ads, and “missed package” alerts.

33,500+ phishing emails and 10,000 fake ads every day.
Festive on the surface. Malicious by design.

👉 Stay safe this holiday season and read the full report: blog.checkpoint.com/research/f

#CyberSecurity #AI

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-12

Today’s CheckMates MVP Heiko Akenbrand is behind some of the most widely used tools in the CheckMates Toolbox including the SmartConsole Extension - Easy deletion of unused rules and the Easy Backup Tool. These scripts have been used consistently by CheckMates all over the world and have made a real impact on our community.

Congratulations Heiko, we are grateful for your contributions!

Take a look at it: community.checkpoint.com/t5/Sm

#CheckMates #community #CheckPoint

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-12

Join us for an exclusive webinar to unlock everything CheckMates has to offer and learn how to get the most from your Check Point solutions.

In this interactive session, you’ll learn how to:
🧭 Navigate the CheckMates Community like a pro
🤓 Get fast access to expert knowledge
🌎 Share insights and collaborate globally
🔝 Maximize your value from Check Point

CheckMates is more than a forum. It's a force multiplier for learning.

pages.checkpoint.com/2025-dece

#CheckMates #CheckPoint #community

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-12

GenAI apps and agents introduce entirely new attack surfaces. Traditional security controls weren’t built to prevent prompt injection, data leakage, or AI-driven abuse, leaving organizations exposed.

CloudGuard WAF closes that gap. Its dual-layer ML engine autonomously protects GenAI apps, APIs, and agents with high accuracy and minimal false positives: no manual tuning, no noise, no guesswork.

checkpoint.com/resources/items

#CheckPoint #CloudGuard #WAF

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-11

#CheckPoint Research shared details of a critical exploit in #Yearn Finance’s yETH pool, where an attacker abused a smart contract flaw to mint trillions of tokens with a minuscule deposit, resulting in the theft of approximately $9 million in assets from the Ethereum-based DeFi protocol.

research.checkpoint.com/2025/1

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-11

We are excited to announce the release of the full video showcasing Check Point’s latest addition to the Quantum Force family. This introduction highlights how the new appliance brings advanced threat prevention, accelerated performance, and simple scalability to branch offices and distributed environments. Watch the Full Video here:

community.checkpoint.com/t5/Se

#CheckMates #CheckPoint #QuantumForce

Daniel Kuhl ✌🏻☮️☕️ daniel1820815@infosec.exchange
2025-12-11

Traditional WAFs are more expensive than they look: Hidden costs pile up: manual tuning, false positives, downtime, and breach fallout that drain your team, your time, and your budget.

Meet Check Point CloudGuard WAF: Our AI-powered, prevention-first approach eliminates noisy alerts, cuts operational overhead, reduces risk exposure, and delivers industry-leading protection, making it the most cost-effective WAF on the market.

(1/2)

#CheckPoint #CloudGuard #CloudGuarWAF #ChillwithCloudGuard
