SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive tests uncover potential exploits in assets and applications.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment for on-premise and cloud applications to ensure protection.
IAM governs user access and monitors it for anomalies to keep identities secure.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Partners
“Today I have complete visibility into the entire environment, in real time”
Jamil Farshchi | Equifax CISO
CyberProof Acquires Interpres Security
By integrating the Interpres Security CTEM solution into its security services portfolio, CyberProof is able to continuously identify, assess, and prioritize risk while adapting defense services such as MDR, vulnerability management and use case management to address ever-evolving threats. Take proactive steps to fortify your security today!
Case Studies
Retail Company Reduces Data Costs by 85% with SIEM Transformation

90% increase in visibility after deploying Microsoft XDR with CyberProof

Enterprise saves millions on data ingestion & storage following cloud migration.
SOC unification streamlines enterprise insurance company’s security & network monitoring operations.
Global medical devices company gains visibility and meets stringent compliance standards across global geos.
Pharmaceutical organization significantly enhances threat detection and response times.
Threat Alerts
Sophisticated Attack Chain Combines Social Engineering and COM Object Exploitation
A sophisticated cybersecurity threat has emerged, combining social engineering via Microsoft Teams with a previously undocumented persistence technique. This attack campaign targets executives and high-privilege employees in various sectors, potentially leading to ransomware deployment. The attack represents a significant evolution in threat tactics, introducing the first observed case of TypeLib COM hijacking in the wild, making it particularly dangerous due to its ability to evade detection.
The attack begins with precisely timed phishing messages sent through Microsoft Teams, masquerading as IT support personnel. These messages specifically target executives during the post-lunch period when vigilance may be lower. After establishing trust, attackers leverage Windows Quick Assist to gain remote access, blending into legitimate IT workflows. The novel aspect of this attack is the TypeLib hijacking technique that modifies registry entries to download and execute malware whenever certain COM objects are accessed by Windows processes. The payload consists of heavily obfuscated JScript and PowerShell code that creates a unique beaconing URL based on the victim’s hard drive serial number, establishes command and control communication, and reports success to a Telegram bot. Evidence suggests the attackers may be Russian-speaking, with possible connections to groups known for distributing ransomware, though the specific attribution remains uncertain.
Attackers Launch Sophisticated Phishing Operation Using Layered Approach
A complex phishing campaign demonstrates how attackers are using increasingly sophisticated methods to deliver malware. The campaign utilizes a multi-layered attack chain to distribute well-known malware including Agent Tesla, Remcos RAT, and XLoader. By combining various scripting languages, execution paths, and deceptive social engineering tactics, the attackers effectively evade detection systems and traditional security measures.
The attack begins with phishing emails disguised as payment confirmations or order requests that contain malicious attachments. These attachments typically include a .7z archive holding a JScript Encoded (.jse) file designed to look like a legitimate document. When executed, this initial script downloads and launches a PowerShell script containing a Base64-encoded payload. From there, the infection chain branches into two possible paths: one using .NET-compiled executables that inject payloads into RegAsm.exe, and another using AutoIt-compiled droppers that inject shellcode into RegSvcs.exe. Both paths ultimately lead to the execution of information-stealing malware capable of harvesting credentials, clipboard data, and keystrokes. The campaign’s success relies not on heavy obfuscation but on its multi-layered approach, which helps it avoid detection by signature-based tools and traditional sandboxes.