CrowdStrike Intelligence Team
SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security
In December 2022, CrowdStrike reported on a campaign by SCATTERED SPIDER, targeting organizations within the telecom and business process outsourcing (BPO) sectors with an end objective of gaining acc[…]
CrowdStrike Falcon® Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer
The CrowdStrike Falcon® platform, leveraging a combination of advanced machine learning and artificial intelligence, identified a new supply chain attack during the installation of a chat-based custom[…]
Callback Malware Campaigns Impersonate CrowdStrike and Other Cybersecurity Companies
Today CrowdStrike sent the following Tech Alert to our customers: On July 8, 2022, CrowdStrike Intelligence identified a callback phishing campaign impersonating prominent cybersecurity companies, inc[…]
Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities
Summary On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at[…]
Access Brokers: Who Are the Targets, and What Are They Worth?
Access brokers have become a key component of the eCrime threat landscape, selling access to threat actors and facilitating myriad criminal activities. Many have established relationships with big gam[…]
Lessons Learned From Successive Use of Offensive Cyber Operations Against Ukraine and What May Be Next
Disruptive and destructive cyber operations have been levied against elements of Ukrainian society by adversaries attributed to the Russian government — or groups highly likely to be controlled by the[…]
Technical Analysis of the WhisperGate Malicious Bootloader
On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by t[…]
Log4j2 Vulnerability "Log4Shell" (CVE-2021-44228)
Log4j2 is an open-source, Java-based logging framework commonly incorporated into Apache web servers. Between late November and early December 2021, a critical vulnerability (CVE-2021-44228) impacting[…]
ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity
This announcement is part of the Fal.Con 2021 CrowdStrike Cybersecurity Conference, Oct. 12-14. Register now for free to learn all about our exciting new products, partnerships and latest intel! The e[…]
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack
The eCrime ecosystem is an active and diverse economy of financially motivated threat actors engaging in a myriad of criminal activities to generate revenue. With the CrowdStrike eCrime Index (ECX), C[…]
Increasing Relevance of Access Broker Market Shown in Improved ECX Model
The eCrime ecosystem is an active and diverse economy of financially motivated threat actors that engage in a myriad of criminal activities in order to generate revenue. With the eCrime Index (ECX), C[…]
SUNSPOT: An Implant in the Build Process
In December 2020, the industry was rocked by the disclosure of a complex supply chain attack against SolarWinds, Inc., a leading provider of network performance monitoring tools used by organizations […]