Qilin Ransomware Exploits Check Point VPN Zero-Day Vulnerability to Attack Multiple Organizations - Wedoany

Homepage News Details

Qilin Ransomware Exploits Check Point VPN Zero-Day Vulnerability to Attack Multiple Organizations

2026-06-15 14:59

Favorite

en.Wedoany.com Reported - Check Point has disclosed that an authentication bypass vulnerability, tracked as CVE-2026-50751, is being exploited by threat actors associated with the Qilin ransomware. The vulnerability affects Check Point VPN remote access and mobile access functionalities. When the system is configured to use the deprecated IKEv1 key exchange protocol, remote, unauthenticated attackers can bypass user authentication and establish a VPN connection without a valid password. The vulnerability also impacts Check Point's AI-driven Spark firewalls designed for small and medium-sized businesses and managed service providers.

Check Point CVE-2026-50751 ransomware

Check Point first noticed suspicious activity on June 4, 2026, but the earliest known attack dates back to early May 2026. To date, dozens of targeted organizations worldwide have been compromised, with one confirmed case involving post-intrusion activity linked to Qilin ransomware affiliates. The attacks are believed to be financially motivated. The attackers communicated using the Tox protocol and exfiltrated data via the open-source Rclone software, confirmed based on one of the shared file hashes. The attackers used dedicated virtual private servers (VPS) infrastructure, with IP addresses hosted by Kaupo Cloud HK, Shock Hosting, and Vultr Holdings. In some cases, the geographic location of the victim organization correlated with the location of the VPS used. The threat actor is also believed to have exploited other VPN-related vulnerabilities, including those disclosed by Palo Alto, Fortinet, and F5. Check Point observed an increase in exploitation attempts for CVE-2026-50751 in early June.

Check Point has released indicators of compromise and recommends that incident response teams conduct forensic log audits and configuration reviews starting from the earliest exploitation date (May 7, 2026). Mitigation measures include ensuring deployments are not configured to use the deprecated IKEv1 protocol, removing support for legacy remote access client connections, and requiring gateways to present machine certificates to establish connections.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com

Information and Communication Information Security and Data Security Engineering

Previous：US Orders Fix for SolarWinds Serv-U Vulnerability by June 19

Next：Uruguay's Corn Leafhopper Monitoring Detects Higher Populations in Northern and Western Coastal Areas

Wireless LAN | AirEngine 5776-56T Access Point

Fiber Optic Connector

Jingye Group Co., Ltd.

Negotiable /Unit

Multi-function Marine Monitoring Low-altitude Detection Radar Sea-air Boundary Ocean Dynamic Environment Measurement

Chengdu Dixin Technology Co., Ltd.

Intelligent Warehousing

Jiangsu Zhongtian Technology Co., Ltd.

Negotiable /Set

Kingmach Measurement & Monitoring Technology Co., Ltd.

Intelligent Manufacturing

DONGFANG ELECTRIC CORPORATION

TWP16 P-Band Tropospheric Wind Profile Radar

China Huayun Meteorological Technology Group Co., Ltd.

GYTA Type Non-Self-Supporting Aerial/Duct Optical Cable

TONGDING INTERCONNECTION INFORMATION CO., LTD.

Automatic Aiming Laser Remote Obstacle Removal Robot

Pinggao Group Weihai High-Voltage Apparatus Co., Ltd.

Mining Intelligent Rope-replacement Robot

Flat Portable Satellite Terminal 0.35m Aperture Manual Portable Terminal

China Starwin Science & Technology Co., Ltd.

Negotiable /Set

Bolande Application Server Software V9.5

Beijing Baolande Software Corporation

Related Recommendations

Zhang Jingtao et al. from CAICT: Digital Twin City Construction Model and Strategic Recommendations

Russian online meeting efficiency platform Mymeet.ai opens MCP protocol for AI agent integration

Russian Deckhouse Team Releases Stronghold 1.18 Enhancing Key Security and Audit Capabilities

Japan's transcosmos and Kyoei Launch SmartOrderLink

China's Longsys Launches WM8500 Chip, Enabling 2:1 Compression for 128GB SSDs

China Plans 2 Trillion Yuan Investment in National AI Computing Network, Targeting Completion by 2028

Bull and Foxconn to Produce AI Systems in Czech Republic and France Using NVIDIA Vera Rubin

Chinese Team Develops OSCAR Intelligent Compilation Optimization System to Accelerate Domestic Chips

Mexico's Toku and Cobre Launch Real-Time SPEI Payment Collection Solution

Swiss ABB Partners with South Korea's Samsung to Launch Building Intelligence and Enterprise IoT Integration Solution

Lastest Bulletin

Brazilian Critical Minerals Applies for Ema Rare Earth Project Mining Guidelines

Nippon Steel Commits $2.5 Billion Investment in US Steel for Modernization of Key Industrial Assets

UK's Certas Energy Invests £1.5 Million to Upgrade Fuel Network

India's NGEL adds 50 MW solar capacity to Rajasthan RTC project

Siemens Energy to Supply Turbines for 2.6 GW Taweelah C Power Plant in UAE

Abu Dhabi's Mubadala Invests $200 Million in UK-Ireland Subsea Power Interconnector

India's First Air-Cooled Supercritical Thermal Power Plant Commissioned by BHEL

Verogy Launches Solar Projects at Four Connecticut Landfills

Create Energy Acquires Solar Tracker Company SOL Components

UK Launches Wind Innovation Hub, Invests £2 Million to Accelerate Innovation