CoreInjection Claims Responsibility for Check Point Cybersecurity Breach
A hacker known as CoreInjection has come forward to take credit for hacking into the systems of Israeli cybersecurity company Check Point. The hacker made these claims public on Breach Forums on March 30, 2025, offering to sell the stolen data for 5 Bitcoin, equivalent to $434,570, with cryptocurrency being the only accepted form of payment.
The data being sold by CoreInjection includes internal project documentation, user credentials in both hashed and plaintext form, internal network maps and architecture diagrams, source code and compiled binaries of proprietary software, as well as employee contact details like phone numbers and email addresses. This breach raises serious concerns about the security of sensitive information held by Check Point.
In response to these claims, Check Point issued a statement denying the severity of the breach, stating that it was an old and isolated incident that had been resolved months ago. The company reassured its customers that no core systems were compromised in this breach and that there was no threat to their infrastructure or operations. Check Point emphasized that the affected portal did not contain any sensitive architecture or production environments.
CoreInjection, the hacker behind the breach, is relatively new to the cybercrime scene but has quickly gained notoriety for targeting critical infrastructure and high-profile networks, particularly in Israel. Since their first appearance on Breach Forums on March 15, 2025, CoreInjection has posted multiple listings offering network access to various companies. These listings have included access to industrial machinery admin panels, network infrastructure of international car companies, central servers managing digital displays in shopping malls, and exclusive customer databases from Israeli companies.
The hacker’s focus on critical systems and high-value access, particularly in Israel, has raised red flags among cybersecurity experts. Given the history of groups targeting Israeli infrastructure, the sale of such access by CoreInjection could lead to potentially damaging cyberattacks. Whether CoreInjection is acting alone or as part of a larger group remains unclear, but their activities have garnered attention in both underground forums and the cybersecurity community.
Questions still remain about the nature of the breach and the extent of the stolen data. The detailed description provided by the hacker suggests a level of access that Check Point has downplayed. The lack of transparency from Check Point regarding the incident, including how it occurred and whether any suspects have been identified, raises concerns about the ongoing security of their systems.
This breach serves as a reminder that even cybersecurity vendors are not immune to cyber threats. With cybercriminals increasingly targeting defense firms, the importance of robust security measures and thorough investigation into breaches like this one cannot be overstated. As the situation unfolds, the cybersecurity community will be watching closely to see how Check Point responds and what measures they take to strengthen their defenses against future attacks.