CrowdStrike Intelligence Team
SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security
In December 2022, CrowdStrike reported on a campaign by SCATTERED SPIDER, targeting organizations within the telecom and business process outsourcing (BPO) sectors with an end objective of gaining acc[…]
CrowdStrike Falcon® Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer
The CrowdStrike Falcon® platform, leveraging a combination of advanced machine learning and artificial intelligence, identified a new supply chain attack during the installation of a chat-based custom[…]
Callback Malware Campaigns Impersonate CrowdStrike and Other Cybersecurity Companies
Today CrowdStrike sent the following Tech Alert to our customers: On July 8, 2022, CrowdStrike Intelligence identified a callback phishing campaign impersonating prominent cybersecurity companies, inc[…]
For the Common Good: How to Compromise a Printer in Three Simple Steps
Summary On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at[…]
Access Brokers: Who Are the Targets, and What Are They Worth?
Access brokers have become a key component of the eCrime threat landscape, selling access to threat actors and facilitating myriad criminal activities. Many have established relationships with big gam[…]
LemonDuck Targets Docker for Cryptomining Operations
Disruptive and destructive cyber operations have been levied against elements of Ukrainian society by adversaries attributed to the Russian government — or groups highly likely to be controlled by the[…]
Technical Analysis of the WhisperGate Malicious Bootloader
On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by t[…]
Log4j2 Vulnerability "Log4Shell" (CVE-2021-44228)
Log4j2 is an open-source, Java-based logging framework commonly incorporated into Apache web servers. Between late November and early December 2021, a critical vulnerability (CVE-2021-44228) impacting[…]
ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity
This announcement is part of the Fal.Con 2021 CrowdStrike Cybersecurity Conference, Oct. 12-14. Register now for free to learn all about our exciting new products, partnerships and latest intel! The e[…]
How Artificial Intelligence is Becoming a Key Weapon in the Cybersecurity War
The eCrime ecosystem is an active and diverse economy of financially motivated threat actors engaging in a myriad of criminal activities to generate revenue. With the CrowdStrike eCrime Index (ECX), C[…]
CCleaner Stage 2: In-Depth Analysis of the Payload
The eCrime ecosystem is an active and diverse economy of financially motivated threat actors that engage in a myriad of criminal activities in order to generate revenue. With the eCrime Index (ECX), C[…]
SUNSPOT: An Implant in the Build Process
In December 2020, the industry was rocked by the disclosure of a complex supply chain attack against SolarWinds, Inc., a leading provider of network performance monitoring tools used by organizations […]