Beware of emails claiming to be from CrowdStrike

Be wary of emails claiming to be from CrowdStrike. Cybercriminals are exploiting Friday’s technical glitch by posing as the cybersecurity company CrowdStrike.

CrowdStrike, which has been monitoring malicious activity exploiting this event, has received reports that threat actors are performing the following activities:

  • Sending phishing emails pretending to be CrowdStrike customer support.
  • Impersonating CrowdStrike staff on phone calls.
  • Posing as experts, claiming to have proof that the technical issue is related to a cyber attack and offering advice on how to fix the problem.
  • Selling scripts that claim to automate recovery from a content update problem.

CrowdStrike has also observed that hackers are distributing a malicious ZIP archive called crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload which, when executed, loads RemCos.

AKSK recommends that companies ensure that they are communicating with real CrowdStrike representatives through official channels and follow the technical instructions that CrowdStrike support teams provide on official websites.

Read these official CrowdStrike articles for more information:

Official Statement
AKSK