Incident Response

Threat Actors Use Fraudulent CrowdStrike Fixes to Distribute Malicious Payloads

Today’s special columnist, Callie Guenther of Critical Start, offers security teams advice for responding to the recent CrowdStrike outage. (Adobe Stock)

BleepingComputer reports that attacks exploiting the faulty CrowdStrike Falcon update that resulted in a massive global IT outage were immediately launched by threat actors to facilitate the deployment of malicious payloads.|

Intrusions offering a fraudulent fix for the issue were reported by cybersecurity researcher g0njxa and AnyRun to have been conducted to deploy the Remcos RAT trojan, with the former observing such a malware campaign through a phishing portal purporting to be from Spanish financial services firm BBVA.

HijackLoader malware delivered by the fake hotfix facilitated Remcos RAT distribution, according to AnyRun. Another attack campaign discovered by AnyRun involved phony CrowdStrike updates to deploy a data wiper against organizations across Israel.

Such an operation, admitted to have been launched by pro-Iranian hacktivist group Handala, entailed the use of CrowdStrike-spoofing phishing emails with a download link for the malicious ZIP archive, which when executed triggered a data wiping attack against targeted devices' files.

You can skip this ad in 5 seconds