
Phishing Alert - Phishing Campaigns and Other Malicious Activities in the Theme of CrowdStrike Outage Event

Last Update Date: 24 Jul 2024 Release Date: 22 Jul 2024

Type: Phishing


Current Status and Related Trends

On July 19, 2024, an issue was identified in a single content update for the CrowdStrike Falcon sensor software that affected Microsoft Windows operating systems. An official fix has been released by both CrowdStrike and Microsoft. News reports indicate that threat actors have been leveraging the event to carry out further cyber attacks.

 

According to related news, HKCERT has observed the following phishing and other malicious activities that are taking advantage of this incident:

  • Sending phishing emails posing as CrowdStrike support to customers
  • Impersonating CrowdStrike staff in phone calls
  • Posing as independent researchers, claiming to have evidence the technical issue is linked to a cyberattack and offering remediation insights
  • Selling scripts purporting to automate recovery from the content update issue
  • Distributing trojan malware disguised as recovery tools

 

[Updated on 2024-07-23]

Updated Related Links.

 

[Updated on 2024-07-24]

Updated Related Links.

HKCERT urges the public to be vigilant against phishing attacks and recommends that users:

 

  • Apply remediation methods provided by official websites (such as the remediation methods provided by CrowdStrike)
  • Obtain software patch updates from trusted sources (such as the recovery tool provided by Microsoft)
  • Do not click any links from untrusted sources, such as emails from unknown senders and advertisements from search engines
  • Adopt anti-phishing features in web browsers to help block phishing attacks
  • Use the free search engine “Scameter” of Cyberdefender.hk to identify frauds and online pitfalls through email, URL or IP address, etc.

 

A list of malicious domains has been identified as being used for further social-engineering attacks that exploit the event.

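
Added example, not part of HKCERT's alert: matching defanged domain indicators of the kind this alert publishes against DNS query logs, with a brand-keyword check for lookalike names that are not yet on any list. The four-field log format, the `OFFICIAL` allowlist, and every sample indicator and hostname below are constructed assumptions.

```python
import re

OFFICIAL = {"crowdstrike.com"}  # assumption: vendor domains you trust
BRAND = "crowdstrike"

def refang(indicator):
    """Defanged indicator (a[.]b, hxxp://...) -> bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".")
    s = re.sub(r"^(hxxps?|https?)://", "", s)
    s = s.split("/")[0].split(":")[0].rstrip(".")
    return s[4:] if s.startswith("www.") else s

def under(host, domain):
    """Match on a label boundary so notcrowdstrike.com is not 'official'."""
    return host == domain or host.endswith("." + domain)

def classify(host, blocklist):
    host = refang(host)
    if any(under(host, d) for d in blocklist):
        return "blocklisted"
    if any(under(host, d) for d in OFFICIAL):
        return "official"
    if BRAND in host.replace("-", ""):  # hyphens dropped: crowd-strike-fix
        return "lookalike"
    return "unrelated"

def scan(log_lines, defanged_iocs):
    """Return (client, host, verdict) for blocklisted or lookalike queries."""
    blocklist = {refang(i) for i in defanged_iocs}
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:  # skip malformed lines
            continue
        _, client, _, qname = fields
        verdict = classify(qname, blocklist)
        if verdict in ("blocklisted", "lookalike"):
            hits.append((client, refang(qname), verdict))
    return hits

# Constructed sample data: not real indicators, not real logs.
SAMPLE_IOCS = ["www.falcon-recovery-tool[.]example", "hxxp://sensor-hotfix[.]test/download"]
SAMPLE_LOG = [
    "2024-07-22T09:14:03Z 10.0.0.5 A www.crowdstrike.com",
    "2024-07-22T09:14:09Z 10.0.0.7 A cdn.falcon-recovery-tool.example",
    "2024-07-22T09:15:41Z 10.0.0.9 A crowd-strike-bsod-fix.test.",
    "2024-07-22T09:16:02Z 10.0.0.9 A crowdstrike.com.login.test",
    "2024-07-22T09:17:30Z 10.0.0.4 A intranet.corp.example",
]
print(scan(SAMPLE_LOG, SAMPLE_IOCS))
```

A "lookalike" verdict is a triage signal rather than a block decision, since legitimate third-party sites can also carry the brand name in a hostname.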