CrowdStrike's faulty update was swiftly exploited by threat actors to launch cyberattacks

The company advises customers to communicate through official channels only.





In the recent whirlwind of digital chaos, cybercriminals seized a golden opportunity to prey on the confusion surrounding a problematic update released by cybersecurity giant CrowdStrike.

Unfortunately, this update, pushed to the Falcon Sensor agent on Windows, led to a massive disruption. Banks, airlines, and media outlets, among others, saw their operations grind to a halt as roughly 8.5 million Windows machines were caught in a boot loop, repeatedly displaying the dreaded Blue Screen of Death (BSOD).

CrowdStrike and Microsoft swiftly stepped in, offering guidance to help affected customers recover their systems. But here’s where it gets even more intriguing.

While the tech world was busy patching things up, cybercriminals launched a cunning attack. They distributed a malicious ZIP archive named crowdstrike-hotfix.zip, which was anything but a solution.

In a blog post, CrowdStrike says this archive was laced with a HijackLoader payload that ultimately loaded RemCos, a well-known remote access trojan. Given the Spanish filenames and instructions within the ZIP archive, this attack appears to be aimed primarily at Latin America-based CrowdStrike customers.

But the cybercriminals didn’t stop there. They also embarked on phishing campaigns, impersonating CrowdStrike cybersecurity support through emails and phone calls. They even sold fake scripts to automate recovery from the update issue.

CrowdStrike has since issued warnings, advising customers to communicate only through official channels and to follow the guidance provided by both CrowdStrike and Microsoft. For its part, Microsoft has updated its guide with an automated recovery method that builds a bootable recovery drive.

Despite these efforts, the persistence of phishing and malware campaigns is a stark reminder of cybercriminals’ relentless pursuit of exploiting any situation to their advantage.

IT managers are advised to always verify the source and integrity of any software update or fix, especially after a widespread technical incident: download only from the vendor's own site, check that the file's digital signature is valid and belongs to the expected publisher, and be wary of any "hotfix" that arrives as an archive of executables. Cybercriminals are always looking for opportunities to exploit chaos, and a critical eye can be the difference between safety and compromise.
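The checks above, written out as a PowerShell vetting script for a purported "hotfix" archive like the one described earlier. This is an added example for this page, not code from the article, from CrowdStrike, or from Microsoft. The archive path, the scratch directory, and the expected publisher string are assumptions to be replaced with values taken from the vendor's official guidance (one practical way to obtain the publisher string is to read the signer subject of a known-good, already installed Falcon binary with Get-AuthenticodeSignature). Run it in an isolated analysis VM, never on a production host, since step 2 writes the archive's contents to disk.

```powershell
# Added example (not from the article, CrowdStrike, or Microsoft): vet a purported
# "hotfix" archive before anything in it is executed.
param(
    # Assumption: where the suspect archive landed on the analysis machine.
    [string]$ArchivePath = "C:\Downloads\crowdstrike-hotfix.zip",
    # Assumption: the signer subject you expect. Replace with the subject read from a
    # known-good signed binary of the vendor; do not trust the string in this example.
    [string]$ExpectedPublisher = "CN=CrowdStrike, Inc."
)

Add-Type -AssemblyName System.IO.Compression.FileSystem

# File types that have no business in a "hotfix" handed to you over email or chat.
$suspicious = @('.exe', '.dll', '.scr', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.lnk', '.msi')

# 1. List the archive's contents WITHOUT extracting it and flag executable content.
$zip = [System.IO.Compression.ZipFile]::OpenRead($ArchivePath)
try {
    foreach ($entry in $zip.Entries) {
        $ext  = [System.IO.Path]::GetExtension($entry.Name).ToLowerInvariant()
        $flag = if ($suspicious -contains $ext) { 'SUSPICIOUS' } else { '' }
        '{0,-10} {1,10} bytes  {2}' -f $flag, $entry.Length, $entry.FullName
    }
}
finally {
    $zip.Dispose()
}

# 2. Extract to a throwaway directory (isolated VM only) and check the Authenticode
#    signature and SHA-256 of every executable-type file.
$scratch = Join-Path $env:TEMP ("vet-" + [guid]::NewGuid().ToString())
[System.IO.Compression.ZipFile]::ExtractToDirectory($ArchivePath, $scratch)

$results = Get-ChildItem -Path $scratch -Recurse -File |
    Where-Object { $suspicious -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        [pscustomobject]@{
            File    = $_.FullName.Substring($scratch.Length + 1)
            # Status is Valid, NotSigned, HashMismatch, UnknownError, ...
            Status  = $sig.Status
            Signer  = $signer
            # Trusted only if the signature chain validates AND the signer is who we expect.
            Trusted = ($sig.Status -eq 'Valid' -and $signer -like "*$ExpectedPublisher*")
            SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

$results | Format-Table -AutoSize

# 3. Decision: a single unsigned or wrongly signed binary rejects the whole package.
$untrusted = @($results | Where-Object { -not $_.Trusted })
if ($untrusted.Count -gt 0) {
    Write-Warning ("Rejecting {0}: {1} file(s) are unsigned or signed by an unexpected publisher." -f
        $ArchivePath, $untrusted.Count)
}
else {
    Write-Host "All executable content is signed by the expected publisher."
    # Still compare the SHA256 column against hashes published on the vendor's own site.
}
```

A valid signature only tells you who signed a file, not that the file is the remediation you were told to apply, so a package that passes every check here is still only worth running if it matches what CrowdStrike's and Microsoft's official guidance actually distributes.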
