Malware, Phishing

CrowdStrike outage exploited for Lumma infostealer deployment

Share
Closeup of mobile phone screen with logo lettering of crowdstrike cyber security company on computer keyboard

Attackers have been spreading the Lumma information-stealing malware using a fraudulent CrowdStrike domain registered just days after the massive global IT outage resulting from a faulty update of its Falcon platform, according to The Register.

Intrusions involved the use of the domain, crowdstrike-office365[.]com, to lure users into downloading a recovery tool purportedly addressing update-related boot loop issues but delivers a malware loader, which when executed eventually delivers the Lumma infostealer, which UNC5537 had leveraged to exfiltrate credentials to infiltrate Snowflake cloud storage instances, said CrowdStrike. Such a campaign may have been conducted by the same threat actors behind Lumma-spreading social engineering attacks last month that involved phishing emails and fraudulent Microsoft Teams help desk employee phone calls. "Based on the shared infrastructure between the campaigns and apparent targeting of corporate networks, CrowdStrike Intelligence assesses with moderate confidence that the activity is likely attributable to the same unnamed threat actor," researchers said.

Related Terms

Adware

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.