Incident

Cyberattack on German CDU through CheckPoint flaw

Take action: Even political parties need to patch their network and firewall equipment. Or get hacked.


Learn More

The recent cyberattack on the German CDU party headquarters was facilitated by exploiting a critical vulnerability in Check Point Network Security Gateways.

This vulnerability, tracked as CVE-2024-24919, had been recently addressed by Check Point with a patch released at the end of May. The exploit was combined with a phishing attack, further compromising the CDU's security.

The breach became known on Friday 31st of May and was detailed on Saturday 2nd of June 2024. The attackers appear to be professional hackers, with no confirmed attribution. Suspicions point to APT29 (part of Russian GRU).

German authorities are involved but not commenting: the Federal Office for the Protection of the Constitution is involved but has not commented, while the Federal Ministry of the Interior has acknowledged the attack as serious, indicating a professional actor. The Bundestag and parliamentary group leaders have been informed about possible precautions.

The timing of the attack, occurring just one week before the European elections, has raised concerns among security experts. These experts have warned about "hack and leak" campaigns that could manipulate public opinion through the release of contextualized information.

Update: According to the German weekly 'Der Spiegel', the attackers had undetected access to the CDU's party network for at least 14 days and gained access to critical data within it. The specifics of the compromised data have not been disclosed.
