Iran-backed hackers scanned Check Point firewalls ahead of attacks

Iran-based attackers systematically scanned Check Point Security Gateways in July 2024, a reconnaissance step before exploitation. Unpatched devices exposed to the internet on management or VPN ports face higher risk. CISA disclosed the activity in August. Defenders should assume similar scanning continues beyond the public announcement.