The page contains technical details on what caused the outage, which systems are affected, and CEO George Kurtz’s statement. It also contains links to BitLocker key recovery processes and to various third-party vendor pages about dealing with the outage.
The page points to a knowledge base article (which only logged-in customers can access) for using a bootable USB key. Microsoft released such a tool yesterday, one that automatically deletes the problematic channel file that caused machines to blue screen.
CrowdStrike also published a blog yesterday warning that threat actors have been taking advantage of the situation to distribute malware, using “a malicious ZIP archive named crowdstrike-hotfix.zip.”
The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos. Notably, Spanish filenames and instructions within the ZIP archive indicate this campaign is likely targeting Latin America-based (LATAM) CrowdStrike customers.
Following the content update issue, several typosquatting domains impersonating CrowdStrike have been identified. This campaign marks the first observed instance in which a threat actor has capitalized on the Falcon content issue to distribute malicious files targeting LATAM-based CrowdStrike customers.
CrowdStrike says organizations should only be working directly with CrowdStrike’s representatives using official channels, and should use only the guidance its support team provides.