Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Tech Analysis: Addressing Claims About Falcon Sensor Vulnerability

CrowdStrike is aware of inaccurate reporting and false claims about the security of the Falcon sensor. This blog sets the record straight by providing customers with accurate technical information about the Falcon sensor and any claims regarding the Channel File 291 incident. CrowdStrike has provided a Technical Root Cause Analysis and executive summary that describes the bug in detail.

Malicious Inauthentic Falcon Crash Reporter Installer Delivers LLVM-Based Mythic C2 Agent Named Ciro

On July 24, 2024, an unattributed threat actor distributed a password-protected installer masquerading as an inauthentic Falcon Crash Reporter Installer to a German entity in an unattributed spear-phishing attempt. Subsequent analysis revealed that executing the installer with the threat actor-provided password leads to a novel execution chain in which an agent written to the Mythic command-and-control (C2)1 framework is executed as LLVM Intermediate Representation (IR) bitcode.

Hacktivist Entity USDoD Claims to Have Leaked CrowdStrike's Threat Actor List

On July 24, 2024, hacktivist entity USDoD claimed on English-language cybercrime forum BreachForums to have leaked CrowdStrike’s “entire threat actor list.”1 The actor also alleged that they had obtained CrowdStrike’s “entire IOC list” and would release it “soon.” In the announcement, USDoD provided a link to download the alleged threat actor list and provided a sample of data fields, likely in an effort to substantiate their claims.

Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity via Spearphishing Website

On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic CrowdStrike Crash Reporter installer via a website impersonating a German entity. The website was registered with a sub-domain registrar.

Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure

On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Microsoft Installer (MSI) loader. The loader ultimately executes Lumma Stealer packed with CypherIt.

Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure

On July 23, 2024, CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. A threat actor distributed this file days after the July 19, 2024, single content update for CrowdStrike’s Falcon sensor — which impacted Windows operating systems — was identified and a fix was deployed. The ZIP file uses the filename CrowdStrike Falcon.zip in an attempt to masquerade as a Falcon update.

Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer

On July 22, 2024, CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu. The document impersonates a Microsoft recovery manual.1 Initial analysis suggests the activity is likely criminal.

Likely eCrime Actor Uses Filenames Capitalizing on July 19, 2024, Falcon Sensor Content Issues in Operation Targeting LATAM-Based CrowdStrike Customers

On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon sensor impacting Windows operating systems was identified, and a fix was deployed.1 CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos.

CrowdStrike Unifies Threat Data and AI for Next-Gen Managed Detection and Response

CrowdStrike is setting a new standard for managed detection and response (MDR), building on our established reputation as pioneers and industry leaders. Falcon Complete Next-Gen MDR combines cutting-edge AI-powered cybersecurity technology with the expertise of the industry’s top security analysts to stop breaches across the entire attack surface 24/7 with unmatched speed and precision.

CrowdStrike Named a Customers' Choice in 2024 Gartner Voice of the Customer for Endpoint Protection Platform Report

The endpoint combines both opportunity and risk for most organizations. While an essential hub for modern business operations and the tools employees use, it also is the primary attack surface for today’s adversaries: Nearly 90% of successful cyberattacks start at the endpoint.1 An endpoint protection platform (EPP) is the essential foundation to a strong cybersecurity strategy.