China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
A China-linked threat actor, codenamed Green Nailao, exploited a vulnerability in Check Point network gateways to deploy ShadowPad and PlugX malware. The campaign, observed between June and October 2024, in some cases ultimately led to the deployment of NailaoLocker ransomware. The threat actor used sophisticated techniques, including DLL search-order hijacking and anti-debug measures, to maintain persistent access and exfiltrate data.