Cyber Incident Victim: Check Point Software Technologies
Date: Apr 2023
Location: Israel
Summary
A cyberattack by the group 'Anonymous Sudan' briefly took down the website of cybersecurity firm Check Point. The incident was part of a larger DDoS campaign targeting Israeli infrastructure, including multiple major universities and medical centers. The group's stated motive was related to the Israeli-Palestinian conflict. Check Point's website experienced only a few minutes of disruption due to its protections, with the company confirming its sites returned to normal operation and no data was stolen.
Description
On the afternoon of April 4, 2023, a group identifying itself as "Anonymous Sudan" executed a cyberattack against the website of Check Point Software Technologies Ltd., one of Israel's largest cybersecurity companies. The attack resulted in the temporary takedown of the company's public-facing website. This incident was part of a broader campaign targeting Israeli online infrastructure, as the same hacker group had earlier in the day attacked the websites of multiple major Israeli universities. The universities affected included Tel Aviv University, the Hebrew University of Jerusalem, Ben-Gurion University of the Negev, Haifa University, the Weizmann Institute of Science, the Open University of Israel, and Reichman University. These institutional websites were reported to have been down and unavailable for browsing for several hours.

The attack on Check Point was characterized as a Distributed Denial of Service (DDoS) attack, a technique designed to overwhelm a target website with an enormous volume of requests, rendering it inaccessible to legitimate users. According to a statement released by a Check Point spokesperson, the company's website was subjected to a large-scale attack. The spokesperson confirmed that the website was protected by high-level DDoS mitigation defenses, which they described as being among the strongest in the world. Despite the scale of the attack, the impact on Check Point's website was brief. The site's availability was affected for only a few minutes before it returned to normal operation. The company's internal systems and services were not compromised; the incident was confined to the public website's availability.

Following the brief disruption, Check Point's spokesperson publicly stated that all of the company's sites were functioning well. They credited the company's robust protective measures for the swift recovery and emphasized that the site worked as usual and was not damaged by the attack. The spokesperson's comments framed the event as a temporary and superficial disruption that was successfully contained and neutralized by their existing security infrastructure. The company's response was communicated publicly as a means to assure customers and stakeholders of the resilience of their systems.

The threat actor, Anonymous Sudan, claimed responsibility for the attack through a statement published on its Telegram channel. The group listed the websites it had targeted, including Check Point and the numerous universities. Their stated motivation was political, citing actions taken in Palestine as the reason for targeting the Israeli education sector. The message on Telegram read, "Infrastructure: Universities - Israel education sector has been dropped Because of what they did in Palestine." In addition to this claim, the group announced that the attacks conducted on April 4th were not their main operation, which they indicated would occur on April 7th. It was not clear from available information whether any of the attacks had managed to penetrate beyond the public-facing websites into the internal systems of the targeted institutions.

The incident took place in the broader context of a campaign known as OPIsrael, in which activist groups coordinate to attack Israeli internet targets. According to media reports, some of the websites attacked on that Tuesday became available again after several hours. Check Point itself provided analysis to another news outlet, characterizing these attacks as service-preventing attacks that only bring down websites and do not involve information theft. The company noted that recovery from such attacks is relatively easy compared to more severe incidents like ransomware attacks or data breaches. However, Check Point also stated that it could be assumed these groups were attempting to develop capabilities for more significant and damaging attacks in the future.

The scope of the campaign extended beyond educational institutions and a cybersecurity firm. According to reports citing Check Point, the Anonymous Sudan group also briefly attacked websites related to several Israeli medical centers, including Rambam Hospital in Haifa. The hospital, however, subsequently denied that it had been attacked, creating a discrepancy in the reported impact. This highlights the challenge in confirming the full extent of such broad, multi-target DDoS campaigns. The primary consequence of these attacks was temporary service disruption and inconvenience for users attempting to access the targeted websites. There was no evidence presented to suggest any data exfiltration, system infiltration, or permanent damage to any of the targeted entities. The incident demonstrated the ongoing use of DDoS as a tool for hacktivism and political protest, aimed at causing temporary disruption and generating publicity for a cause.
