SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with a guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive tests uncover exploitable weaknesses in assets and applications.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment of on-premises and cloud applications to ensure protection.
IAM manages user access and monitors for anomalies to keep access secure.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Threat Alerts
Cybercriminals Exploit CrowdStrike Update to Launch Cyberattacks
Recently, an issue in a content update for the CrowdStrike Falcon sensor affecting Windows operating systems was discovered and quickly resolved. However, this incident has provided cybercriminals with multiple vectors to launch various cyberattacks, exploiting the confusion and urgency created by the update mishap.
Cybercriminals have leveraged the content update issue to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. This archive contains a HijackLoader payload that, upon execution, uses DLL search-order hijacking to load and execute its first-stage payload. HijackLoader, marketed as a private crypting service called ASMCrypt, is a modular multi-stage loader designed to evade detection. Its configuration file provides data that the loader uses to execute the final RemCos payload, which then contacts a command-and-control (C&C) server.
In addition to the ZIP archive, several typosquatting domains impersonating CrowdStrike have been identified. These domains are used to trick users into downloading malicious files or redirect them to scam pages, including those requesting cryptocurrency payments under the pretense of providing a fix for the issue.
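Detection logic for the two lures described in this alert, as an added example that is not CyberProof's code: it scans proxy log lines for downloads of crowdstrike-hotfix.zip and for hosts whose registered label contains or closely resembles "crowdstrike". The log format, the `.test` hosts and the set of domains treated as genuine are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit
BRAND = "crowdstrike"
LEGIT_DOMAINS = {"crowdstrike.com"}       # assumption: the only domain treated as genuine
ARCHIVE_NAME = "crowdstrike-hotfix.zip"   # archive name from the alert

def levenshtein(a: str, b: str) -> int:
    # Plain edit distance; domain labels are short, so O(len(a)*len(b)) is fine.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url: str) -> list[str]:
    # Returns the reasons a URL matches the lure described above; [] if none.
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    reasons = []
    if u.path.rsplit("/", 1)[-1].lower() == ARCHIVE_NAME:
        reasons.append("archive:" + ARCHIVE_NAME)
    if host and not any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        # Naive second-level label (no public-suffix list): "a.b.test" -> "b".
        parts = host.rstrip(".").split(".")
        label = parts[-2] if len(parts) >= 2 else parts[0]
        if BRAND in label:
            reasons.append("brand-in-label:" + host)
        elif levenshtein(label, BRAND) <= 2:
            reasons.append("lookalike:" + host)
    return reasons

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<url>\S+)$")
def scan(lines):
    # Collects (timestamp, user, url, reasons) for each proxy line that matched.
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and (reasons := classify_url(m["url"])):
            hits.append((m["ts"], m["user"], m["url"], reasons))
    return hits

# Constructed sample proxy lines; the .test hosts are invented, not real indicators.
SAMPLE = [
    "2024-07-19T10:01:00Z alice https://www.crowdstrike.com/blog/",
    "2024-07-19T10:02:30Z bob https://crowdstrlke.test/crowdstrike-hotfix.zip",
    "2024-07-19T10:03:10Z carol https://crowdstrike-support.test/pay.html",
    "2024-07-19T10:04:00Z dave https://example.test/index.html",
]
```

Subdomains of the genuine domain are never flagged, so the `www.crowdstrike.com` line produces no hit while the two lookalike hosts do.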
APT41’s Global Cyber Espionage Campaign
The China-based APT41 hacking group has launched a sustained campaign targeting organizations in the shipping, logistics, media, entertainment, technology, and automotive sectors across Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. This campaign, ongoing since 2023, has allowed APT41 to maintain prolonged unauthorized access to victims’ networks, extracting sensitive data over extended periods.
The attack chain involves the use of web shells (ANTSWORD and BLUEBEAM), custom droppers (DUSTPAN and DUSTTRAP), and publicly available tools (SQLULDR2 and PINEGROVE). APT41 employs these tools to achieve persistence, deliver additional payloads, and exfiltrate data of interest. The DUSTTRAP malware, a multi-stage plugin framework, is particularly noteworthy for its extensive capabilities, including executing shell commands, file system operations, process manipulation, keylogging, and Active Directory modifications.
Further details, as well as YARA rules, can be found in the full report: https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust