Full Report
For the latest discoveries in cyber research for the week of 20th April, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

Booking.com, the Amsterdam-based travel platform, has confirmed a data breach after unauthorized parties accessed reservation data linked to some customers. Exposed information included names, email addresses, phone numbers, physical addresses, and booking […]

The post 20th April – Threat Intelligence Report appeared first on Check Point Research.
Analysis Summary
# Incident Report: Multi-Vector Intelligence Summary (April 20th Report)
## Executive Summary
This week’s intelligence report highlights a surge in data breaches involving high-profile platforms like Booking.com and Basic-Fit, as well as a significant evolution in AI-driven attacks. Notable incidents include the weaponization of LLMs to breach government systems and a critical supply chain compromise affecting thousands of WordPress sites through malicious plugin updates.
## Incident Details
- **Discovery Date:** April 20, 2026 (Reported)
- **Incident Date:** Various (spanning April 2026)
- **Affected Organizations:** Booking.com, McGraw-Hill, Basic-Fit, EssentialPlugin, Mexican Government Agencies.
- **Sector:** Travel, Education, Fitness, Software (WordPress), Government.
- **Geography:** Global, with affected organizations in Amsterdam, Mexico, and across Europe.
## Timeline of Events
### Initial Access
- **Date/Time:** April 2026.
- **Vectors:**
  - **Booking.com:** Unauthorized access to reservation data (method undisclosed).
  - **McGraw-Hill:** Unauthorized access to the Salesforce environment.
  - **EssentialPlugin:** Supply chain compromise after firm acquisition.
  - **Mexican Agencies:** Prompt manipulation and AI-driven reconnaissance.
### Lateral Movement
- **AI-Driven Breach:** Use of Claude Code and GPT-4.1 to issue over 5,000 automated actions across 34 sessions to navigate government databases.
- **Salesforce Breach:** Attackers moved within the McGraw-Hill Salesforce environment to access 13.5 million account records.
### Data Exfiltration/Impact
- **Exfiltration:** Combined theft of over 415 million records from Mexican agencies, 13.5 million from McGraw-Hill, and roughly 1 million from Basic-Fit.
- **Financial:** Over $9.5 million stolen via a fake "Ledger Live" app on the Apple App Store.
### Detection & Response
- **Discovery:** Detected via extortion attempts (McGraw-Hill) and security research (AI-driven attacks).
- **Response Actions:** Booking.com forced PIN resets; WordPress.org removed 30+ compromised plugins; Microsoft and Splunk released urgent security patches for exploited zero-days.
## Attack Methodology
- **Initial Access:** Valid credentials for Salesforce; supply chain injection; prompt injection/jailbreaking of AI tools.
- **Persistence:** Sideloading PlugX malware via fake AI installers; backdoored WordPress plugins.
- **Defense Evasion:** Abusing trusted programs to sideload malware; bypassing AI safety filters via injected hacking manuals.
- **Lateral Movement:** AI agents used to automate reconnaissance and command execution.
- **Collection:** Bulk harvesting of taxpayer records, personal identifiers (PII), and bank account details.
- **Exfiltration:** Routing stolen cryptocurrency through the AudiA6 mixer and KuCoin to hide trails.
## Impact Assessment
- **Financial:** $9.5M in direct crypto-theft; substantial potential fines and recovery costs for breached entities.
- **Data Breach:** Exposure of PII (names, emails, physical addresses) and sensitive identifiers (bank details, taxpayer records).
- **Operational:** EssentialPlugin users faced unauthorized site modifications and spam generation.
- **Reputational:** High-profile travel and fitness brands compromised, leading to customer trust erosion.
## Indicators of Compromise
- **Files:** Fake "Claude Pro" installer for Windows (sideloads PlugX).
- **Behavioral:**
  - Unexpected API calls to GitHub workflows via pull request comments.
  - Multiple automated sessions (30+) from AI-based coding assistants targeting database structures.
  - Unauthorized creation of spam pages on WordPress sites.
- **Network:** Traffic routed through the AudiA6 crypto mixer.
## Response Actions
- **Containment:** WordPress.org closed all EssentialPlugin products to prevent further distribution.
- **Eradication:** Splunk and Microsoft released patches for CVE-2026-20204 and CVE-2026-33825.
- **Recovery:** Booking.com reset user reservation PINs to prevent fraudulent access.
## Lessons Learned
- **Supply Chain Fragility:** Mergers and acquisitions of software firms (like EssentialPlugin) are high-risk periods for supply chain injections.
- **AI as a Force Multiplier:** Threat actors are effectively bypassing LLM safety guardrails to automate complex reconnaissance that previously required large teams.
- **Cloud Configuration:** Salesforce environments remain a primary target for extortionists seeking large PII datasets.
## Recommendations
- **AI Defenses:** Implement robust monitoring for AI-driven development tools (e.g., GitHub Copilot, Claude Code) to detect prompt injection attempts.
- **Vulnerability Management:** Prioritize patching Apache ActiveMQ (CVE-2026-34197) and Microsoft Defender zero-days immediately.
- **Third-Party Risk:** Conduct rigorous security audits of WordPress plugins following any change in ownership or developer.
- **Defang URLs:** Ensure all internal URLs in reports are defanged (e.g., hxxps[://]research[.]checkpoint[.]com).
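The defanging convention shown above (hxxps[://]research[.]checkpoint[.]com) can be applied consistently with a small helper. This is an added example, not code from the Check Point report; the sample report lines are constructed, and the IP address is from the RFC 5737 documentation range.

```python
import re

# Constructed sample lines, as they might appear in an internal report draft.
SAMPLE_LINES = [
    "Full analysis: https://research.checkpoint.com/2026/20th-april-threat-intelligence-report/",
    "C2 beacon observed to http://198.51.100.23:8443/gate.php",
    "Already handled: hxxps[://]research[.]checkpoint[.]com",
]

# Matches http(s) URLs in free text; the last character must not be trailing
# sentence punctuation so "…/report." does not swallow the full stop.
_URL_RE = re.compile(r"\bhttps?://[^\s<>\"']*[^\s<>\"'.,;:)]", re.IGNORECASE)


def defang(value: str) -> str:
    """Defang one URL, domain or IPv4 address in the report's hxxps[://]host[.]tld style.

    Already-defanged input is returned unchanged so the helper is safe to re-run.
    """
    if "[.]" in value or "[://]" in value:
        return value
    value = re.sub(
        r"^https?://",
        lambda m: "hxxp" + ("s" if m.group(0).lower().startswith("https") else "") + "[://]",
        value,
        flags=re.IGNORECASE,
    )
    return value.replace(".", "[.]")


def refang(value: str) -> str:
    """Reverse defang() so an analyst can recover the original indicator."""
    value = value.replace("[://]", "://").replace("[.]", ".")
    return re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)


def defang_text(text: str) -> str:
    """Defang every URL embedded in a line of prose, leaving the rest untouched."""
    return _URL_RE.sub(lambda m: defang(m.group(0)), text)


def round_trips(value: str) -> bool:
    """True when refang(defang(value)) restores the original indicator exactly."""
    return refang(defang(value)) == value


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(defang_text(line))
```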