Likely eCrime Actor Capitalizing on Falcon Sensor Issues
Summary On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon® sensor impacting Windows operating systems was identified, and a fix was deployed. CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload …
Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer
On July 22, 2024, CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu. The document impersonates a Microsoft recovery manual. Initial analysis suggests the activity is likely criminal. Technical Analysis: Lure Document. The analyzed …
Threat Actor Distributes Python-Based Info Stealer Using Fake Update
Summary On July 23, 2024, CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. A threat actor distributed this file days after the July 19, 2024, single content update for CrowdStrike’s Falcon sensor — which impacted Windows operating systems — was identified and a fix was deployed. The ZIP file uses the …
Hacktivist Entity USDoD Claims to Have Leaked CrowdStrike’s Threat Actor List
The threat intel data noted in this report is available to tens of thousands of customers, partners and prospects – and hundreds of thousands of users. Adversaries exploit current events for attention and gain. We remain committed to sharing data with the community. On July 24, 2024, hacktivist entity USDoD claimed on English-language cybercrime forum BreachForums to have …
Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware
Aug 23, 2023 | THN | Mobile Security / Cyber Crime. A Syrian threat actor named EVLF has been outed as the creator of the malware families CypherRAT and CraxsRAT. "These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device's camera, location, and microphone," cybersecurity firm Cyfirma said in a report published last week. CypherRAT …
Vietnamese Threat Actor Infects 500,000 Devices Using ‘Malverposting’ Tactics
May 01, 2023 | Ravie Lakshmanan | Malverposting / Scam. A Vietnamese threat actor has been identified as being behind a "malverposting" campaign on social media platforms that infected over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer. Malverposting refers to the use of promoted social media posts on …
DLL Side-Loading: How To Combat Threat Actor Evasion Techniques
Threat actors constantly evolve their tactics and techniques to circumvent security solutions. Working at the cutting edge of detection engineering, CrowdStrike rapidly tracks and observes these evolutions in tactics to deliver timely, effective detections that protect customers. In this blog, we explore DLL side-loading and learn how CrowdStrike has expanded protections with …