WARNING: Malicious Hackers Exploiting CrowdStrike Outage!

WARNING: Malicious Hackers Exploiting CrowdStrike Outage!


Within hours of a widespread IT outage on Friday, numerous new domains began appearing online, all sharing a common theme: the name CrowdStrike, the company at the heart of the global tech disruption that delayed flights and disrupted emergency services.

In a statement on Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) clarified that the CrowdStrike outage was not linked to a cyberattack or malicious activity. However, CISA noted that "threat actors are taking advantage of this incident for phishing and other malicious activities."

CISA advised individuals to "avoid clicking on phishing emails or suspicious links" as these can lead to email compromises and other scams.

George Kurtz, CEO of CrowdStrike, advised affected customers to communicate with CrowdStrike representatives through official channels. He assured that his team was fully mobilized to secure and stabilize their customers' systems.

Later on Friday, CrowdStrike's threat-hunting team, CrowdStrike Intelligence, reported receiving alerts about phishing emails and phone calls impersonating CrowdStrike support. Some imposters were posing as independent researchers offering remediation advice or selling automated recovery solutions.

The team published a list of 30 domains impersonating the company's brand, many of which were also identified by the UK-based researcher. The majority of these websites appeared within hours of the outage and seem to offer assistance.

This surge in new domain registrations are designed to lure individuals desperate to restore their systems into clicking on malicious links. In times of panic, people are more susceptible to scams, making them prime targets for cybercriminals. Although phishing sites often emerge after significant events, the scale of Friday's outages has created a large pool of potential victims.

CrowdStrike Intelligence has monitored for malicious activity leveraging the event as a lure theme and received reports that threat actors are conducting the following activity:

  • Sending phishing emails posing as CrowdStrike support to customers
  • Impersonating CrowdStrike staff in phone calls
  • Posing as independent researchers, claiming to have evidence the technical issue is linked to a cyberattack and offering remediation insights
  • Selling scripts purporting to automate recovery from the content update issue

Below provides a list of domains identified, that impersonate CrowdStrike’s brand. Some domains in this list are not currently serving malicious content, however, these sites may support future social-engineering operations.

crowdstrike.phpartners[.]org
crowdstrike0day[.]com
crowdstrikebluescreen[.]com
crowdstrike-bsod[.]com
crowdstrikeupdate[.]com
crowdstrikebsod[.]com
www.crowdstrike0day[.]com
www.fix-crowdstrike-bsod[.]com
crowdstrikeoutage[.]info
www.microsoftcrowdstrike[.]com
crowdstrikeodayl[.]com
crowdstrike[.]buzz
www.crowdstriketoken[.]com
www.crowdstrikefix[.]com
fix-crowdstrike-apocalypse[.]com
microsoftcrowdstrike[.]com
crowdstrikedoomsday[.]com
crowdstrikedown[.]com
whatiscrowdstrike[.]com
crowdstrike-helpdesk[.]com
crowdstrikefix[.]com
fix-crowdstrike-bsod[.]com
crowdstrikedown[.]site
crowdstuck[.]org
crowdfalcon-immed-update[.]com
crowdstriketoken[.]com
crowdstrikeclaim[.]com
crowdstrikeblueteam[.]com
crowdstrikefix[.]zip
crowdstrikereport[.]com        

It is common for cybercriminals to exploit chaotic situations to launch cyberattacks, particularly those that can be quickly created and customized, such as email or text phishing campaigns.

CISA stated it is "working closely with CrowdStrike and federal, state, local, tribal, and territorial partners," as well as critical infrastructure and international partners, to assist with the fixes.


Read CrowdStrike Statement on Falcon Content Update for Windows Hosts Here

Read CrowdStrike Technical Details on Outage Here

Download CrowdStrike's Automated Recovery from Blue Screen on Windows Instances in GCP


Founded in 2011, CrowdStrike aims to address sophisticated cyberattacks with advanced endpoint protection and expert intelligence. The company remains committed to resolving the current issue and ensuring full recovery for all affected customers.


Additional links from CrowdStrike and other technology vendors:







Joey Moodley

Medical Researcher | Serial Entrepreneur | Global Coperate Experience | Business Development Specialist

5mo

Insightful!

There are ‘lurkers’ out there waiting for any misstep. Be vigilant.

Given the cyber events of the past week and their seen and unforeseen short term and longer term consequences, only two questions need be asked by those in charge of securing our country's vulnerable IT data assets and IT infrastructure: 1) Why do we continue to deploy and rely on a 60 year old data storage and retrieval architecture that requires untold number of layered and band-aided 3rd party security “solutions”? Does that make sense to anyone that does not have a vested interest in the status quo? 2) How can the public and private sectors continue to SOLELY rely on this failed architecture when, in fact, there is 21st century ALTERNATIVE architectural and technology solution (Oracle DB + AsterionDB) that IS far more simplified, integrated, and SECURE?

Not a great idea to list a bunch of fake domains, some of which have malicious content, without defanging them, so that they are active and potentially dangerous links.

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics