Proofpoint has been accepted into Europol EC3’s Advisory Group on Internet Security (AGIS), strengthening its role in cross-border collaboration against cybercrime. The article highlights Proofpoint’s prior contributions to disrupting Tycoon 2FA and Operation Endgame, showing how intelligence sharing and coordinated action help dismantle criminal infrastructure. #Proofpoint #Europol #EC3 #AGIS #Tycoon2FA #OperationEndgame
Keypoints
- Proofpoint has joined Europol’s EC3 Advisory Group on Internet Security (AGIS).
- AGIS supports Europol by providing strategic expertise and operational insight to fight cybercrime across Europe.
- Proofpoint’s membership reflects its ongoing collaboration with law enforcement and industry partners.
- Proofpoint previously supported the takedown of the Tycoon 2FA phishing-as-a-service platform.
- Proofpoint also contributed intelligence to Operation Endgame, which disrupted major malware delivery and botnet operations.
- The article stresses that effective cyber defense depends on trusted partnerships, intelligence sharing, and coordinated disruption efforts.
- European organizations continue to face threats including phishing, business email compromise, ransomware, and credential theft.
MITRE Techniques
- [T1556 ] Modify Authentication Process – Tycoon 2FA was used to bypass multi-factor authentication protections through adversary-in-the-middle phishing (‘…enable cybercriminals to bypass multi-factor authentication protections…’)
- [T1566 ] Phishing – The article describes phishing campaigns and the Tycoon 2FA phishing-as-a-service platform used to compromise targets (‘…phishing campaigns…’; ‘…phishing-as-a-service platform…’)
- [T1587 ] Develop Capabilities – Tycoon 2FA is described as a phishing kit/platform developed for criminal use (‘…one of the most widely used adversary-in-the-middle phishing kits…’)
- [T1105 ] Ingress Tool Transfer – Operation Endgame disrupted malware delivery operations, implying malicious tools were being delivered to victims (‘…disrupted some of the world’s most prolific malware delivery…’)
- [T1071 ] Application Layer Protocol – The article references criminal infrastructure used in phishing and botnet operations, which commonly relies on network communications (‘…sharing intelligence on criminal infrastructure, malware activity, and threat actor behavior…’)
- [T1489 ] Service Stop – The coordinated takedown and disruption of infrastructure reduced the service’s availability (‘…critical infrastructure supporting the service was disrupted…’)
Indicators of Compromise
- [Organization/Platform ] law enforcement and industry collaboration – Proofpoint, Europol EC3 / AGIS
- [Threat Actor/Service ] phishing-as-a-service platform disrupted by investigators – Tycoon 2FA, Operation Endgame
- [Malware/Infrastructure ] criminal delivery and botnet ecosystems referenced in the takedown effort – malware delivery operations, botnet operations
Read more: https://www.proofpoint.com/us/blog/corporate-news/proofpoint-joins-europol-ec3-agis