Phishing, Threat Intelligence

CrowdStrike outage exploited in new spear-phishing campaign


Threat actors have launched malware attacks against Germany-based CrowdStrike customers through a new spear-phishing campaign leveraging a domain registered shortly after the widespread global IT outage caused by the botched update of its Falcon platform, Security Affairs reports.

The domain, which purported to belong to a German entity and used an it[.]com subdomain, lured targets into downloading a fraudulent CrowdStrike Crash Reporter tool as a ZIP file containing a trojanized InnoSetup installer, according to an analysis from CrowdStrike's Counter Adversary Operations team. Running the installer injected an executable into a JavaScript file to conceal the malicious activity and displayed a prompt for "Backend-Server" input; if no value was supplied, the compromise did not complete. No further information about the identity of the attackers was provided, but CrowdStrike researchers noted their elevated operations security awareness. "Additionally, encrypting the installer contents and preventing further activity from occurring without a password precludes further analysis and attribution," said the report.
