Check Point claims its report has shut down the Nuclear EK
Check Point Software Technologies is claiming that once it released the Check Point Investigative Report, the Nuclear Exploit Kit shut down its entire infrastructure and ceased operation.
Nuclear Exploit Kit, nuclear no more.
The report was produced by the Check Point Threat Intelligence and Research team as part of its research into the Malware-as-a-Service industry. It found that the Nuclear Exploit Kit was one of the largest attack infrastructures observed in the wild.
In part one of the report, Check Point reviewed in depth the various capabilities, exploits and techniques employed by the exploit kit. This included the operation scheme and features, the control panel, the landing page served by the exploit kit, the master server, infection flow, exploits and other internal logic.
Part two of the report gave a view into the heart of a thriving cyber-criminal syndicate scene. Check Point reviewed the exploits and vulnerabilities served by the exploit kit and the process of delivering the payload to the victims.
At the end of April, just a few days after its first report was published, the existing Nuclear infrastructure ceased operation entirely, according to Check Point. All Nuclear panel instances and the master server stopped serving malicious content and no longer responded to requests from their IP addresses.
Kafeine, a French security researcher, said on his blog that Nuclear disappeared around 30 April, confirming Check Point's timeline.
Later in May, Symantec's monthly bulletin noted the radical change in Nuclear's attack rank compared with the previous month: “The Nuclear exploit kit, which topped April's list, has dropped out of the top five this month, likely due to research that was published in late April, shedding light on the toolkit's infrastructure and likely leading to disruptions.”