Skip to main content

Phishing Alert - Phishing Campaigns and Other Malicious Activities in the Theme of CrowdStrike Outage Event

Last Update Date: 24 Jul 2024 Release Date: 22 Jul 2024 4215 Views

Type: Phishing

Phishing Alert

Current Status and Related Trends

On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon sensor software impacting Microsoft Windows operating systems was identified, official fix has been released from both CrowdStrike and Microsoft. News has indicated that threat actors have been using the mentioned event to leaverage further cyber attacks.

 

According to related news, HKCERT has observed the following phishing and other malicious activities that taking advantage of this incident:

  • Sending phishing emails posing as CrowdStrike support to customers
  • Impersonating CrowdStrike staff in phone calls
  • Posing as independent researchers, claiming to have evidence the technical issue is linked to a cyberattack and offering remediation insights
  • Selling scripts purporting to automate recovery from the content update issue
  • Distributing trojans malware pretending as recovery tools

 

[Updated on 2024-07-23]

Updated Related Links.

 

[Updated on 2024-07-24]

Updated Related Links.

HKCERT urges the public to be vigilant against the phishing attacks and recommends that users should:

 

  • Apply remediation methods provided by official websites (Such as remediation methods provided by CrowdStrike)
  • Obtain software patch update from trusted source (Such as recovery tool provided by Microsoft)
  • Should not click any links from untrusted sources, such as emails from unknown senders and advertisements from search engines etc.
  • Adopt anti-phishing features in web browsers to help block phishing attacks
  • Use the free search engine “Scameter” of Cyberdefender.hk to identify frauds and online pitfalls through email, URL or IP address, etc.

 

A list of malicious domains have been identified to perform further social-engineering attacks in the use of the event:

crowdstrike.phpartners[.]org
crowdstrike0day[.]com
crowdstrikebluescreen[.]com
crowdstrike-bsod[.]com
crowdstrikeupdate[.]com
crowdstrikebsod[.]com
www.crowdstrike0day[.]com
www.fix-crowdstrike-bsod[.]com
crowdstrikeoutage[.]info
www.microsoftcrowdstrike[.]com
crowdstrikeodayl[.]com
crowdstrike[.]buzz
www.crowdstriketoken[.]com
www.crowdstrikefix[.]com
fix-crowdstrike-apocalypse[.]com
microsoftcrowdstrike[.]com
crowdstrikedoomsday[.]com
crowdstrikedown[.]com
whatiscrowdstrike[.]com
crowdstrike-helpdesk[.]com
crowdstrikefix[.]com
fix-crowdstrike-bsod[.]com
crowdstrikedown[.]site
crowdstuck[.]org
crowdfalcon-immed-update[.]com
crowdstriketoken[.]com
crowdstrikeclaim[.]com
crowdstrikeblueteam[.]com
crowdstrikefix[.]zip
crowdstrikereport[.]com