Counter Adversary Operations
International Authorities Indict, Sanction Additional INDRIK SPIDER Members and Detail Ties to BITWISE SPIDER and Russian State Activity
CrowdStrike often collaborates with law enforcement agencies to identify, track and stop cyber threats. We recently worked with law enforcement stakeholders within the U.K.’s National Crime Agency as […]
How CrowdStrike Hunts, Identifies and Defeats Cloud-Focused Threats
Adversaries’ persistent efforts to evade advancements in threat awareness and defense have shaped a cyber threat landscape dominated by their stealthy, fast-moving tactics. As they expand into the clo[…]
Malicious Inauthentic Falcon Crash Reporter Installer Delivers LLVM-Based Mythic C2 Agent Named Ciro
On July 24, 2024, an unattributed threat actor distributed a password-protected installer masquerading as an inauthentic Falcon Crash Reporter Installer to a German entity in an unattributed spear-phi[…]
Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity via Spearphishing Website
Summary On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic CrowdStrike Crash Reporter installer via a website impersonating a German […]
Hacktivist Entity USDoD Claims to Have Leaked CrowdStrike’s Threat Actor List
The threat intel data noted in this report is available to tens of thousands of customers, partners and prospects – and hundreds of thousands of users. Adversaries exploit current events for attention[…]
Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure
Summary On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365[.]com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Micr[…]
Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure
Summary On July 23, 2024, CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. A threat actor distributed this file days afte[…]
Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer
On July 22, 2024, CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu. The document impersonates a Microsoft recovery manu[…]
Likely eCrime Actor Uses Filenames Capitalizing on July 19, 2024, Falcon Sensor Content Issues in Operation Targeting LATAM-Based CrowdStrike Customers
Summary On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon® sensor impacting Windows operating systems was identified, and a fix was deployed.1 CrowdStrike Intell[…]
Falcon Sensor Content Issue from July 19, 2024, Likely Used to Target CrowdStrike Customers
Updated 2024-07-26 1830 UTC On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon® sensor impacting Windows operating systems was identified, and a fix was deployed.[…]
IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations
CrowdStrike Counter Adversary Operations has been investigating a series of cyberattacks and strategic web compromise (SWC) operations targeting organizations in the transportation, logistics and tech[…]
eCriminals Share Ways to Impersonate School Staff to Steal Paychecks
CrowdStrike Counter Adversary Operations monitors for and attempts to disrupt eCrime threat actors across a broad spectrum of malicious activity, ranging from sophisticated ransomware campaigns to sim[…]
Amid Sharp Increase in Identity-Based Attacks, CrowdStrike Unveils New Threat Hunting Capability
Adversaries are doubling down on identity-based attacks. According to Nowhere to Hide: CrowdStrike 2023 Threat Hunting Report, we’ve seen an alarming 583% year-over-year increase in Kerberoasting atta[…]
CrowdStrike Debuts Counter Adversary Operations Team to Fight Faster and Smarter Adversaries as Identity-Focused Attacks Skyrocket
CrowdStrike is proud to announce the launch of CrowdStrike Counter Adversary Operations, a newly formed, first-of-its kind team that brings together CrowdStrike Falcon® Intelligence and the CrowdStrik[…]