The page consists of technical information on what caused the outage, which systems are affected, and CEO George Kurtz's statement. It also contains links to BitLocker key recovery procedures and to various third-party vendor pages about dealing with the outage.
The page points to a knowledge base article (which only logged-in customers can access) on using a bootable USB key. Microsoft released such a tool yesterday that automatically deletes the problematic channel file that caused machines to blue screen.
CrowdStrike also published a blog yesterday warning that threat actors were taking advantage of the situation to distribute malware, using "a malicious ZIP archive named crowdstrike-hotfix.zip."
The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos. Notably, Spanish filenames and instructions within the ZIP archive indicate this campaign is likely targeting Latin America-based (LATAM) CrowdStrike customers.
Following the content update issue, several typosquatting domains impersonating CrowdStrike have been identified. This campaign marks the first observed instance in which a threat actor has capitalized on the Falcon content issue to distribute malicious files targeting LATAM-based CrowdStrike customers.
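The two lures described above (a fake "crowdstrike-hotfix.zip" archive and lookalike domains impersonating CrowdStrike) are the kind of thing a SOC can hunt for in web proxy logs. The script below is an added example written for this page, not code from CrowdStrike or from the blog it cites. The archive name is the one quoted in the advisory; the log format, client addresses and every domain other than crowdstrike.com are constructed for the example, and the registrable-domain logic is deliberately simplified (a production version would consult the Public Suffix List).

```python
import re
from urllib.parse import urlparse

LEGIT_DOMAIN = "crowdstrike.com"
BRAND = "crowdstrike"
# Archive name reported in CrowdStrike's advisory; matched case-insensitively
# with an optional separator so "crowdstrike_hotfix.zip" is caught too.
FAKE_HOTFIX = re.compile(r"crowdstrike[-_]?hotfix\.zip$", re.IGNORECASE)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Simplified: the last two labels. Real code should use the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(host: str) -> str:
    """Return 'legit', 'brand-abuse', 'typosquat' or 'other' for a hostname."""
    reg = registrable_domain(host)
    if reg == LEGIT_DOMAIN:
        return "legit"            # any subdomain of the real vendor domain
    if BRAND in host.lower():
        return "brand-abuse"      # vendor name embedded in a foreign domain
    if levenshtein(reg.rsplit(".", 1)[0], BRAND) <= 2:
        return "typosquat"        # near-miss spelling of the vendor name
    return "other"


# Constructed proxy log format: timestamp client_ip method url
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")


def scan_proxy_log(lines):
    """Return (client, host, reasons) for each request that trips a lure indicator."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the sweep
        url = urlparse(m["url"])
        host = url.hostname or ""
        reasons = []
        verdict = classify_host(host)
        if verdict in ("brand-abuse", "typosquat"):
            reasons.append(verdict)
        if FAKE_HOTFIX.search(url.path):
            reasons.append("fake-hotfix-archive")
        if reasons:
            findings.append((m["client"], host, reasons))
    return findings


# Constructed sample log; only crowdstrike.com is a real domain here.
SAMPLE_LOG = [
    "2024-07-19T10:01:00Z 10.0.0.5 GET https://falcon.crowdstrike.com/docs/remediation",
    "2024-07-19T10:02:13Z 10.0.0.7 GET https://crowdstrlke.example/crowdstrike-hotfix.zip",
    "2024-07-19T10:03:40Z 10.0.0.9 GET https://crowdstrike.com.support-portal.example/login",
    "2024-07-19T10:04:02Z 10.0.0.5 GET https://update.microsoft.com/catalog",
]

if __name__ == "__main__":
    for client, host, reasons in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {host}: {', '.join(reasons)}")
```

The legitimate vendor subdomain and the unrelated Microsoft request produce no findings; the misspelled domain serving the fake hotfix archive and the "crowdstrike.com." prefix trick on a foreign domain both do. Tune the edit-distance threshold to your own vendor list, since a distance of 2 against short brand names will produce noise.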
CrowdStrike says organizations should only be working directly with CrowdStrike's representatives through official channels, and should use only the guidance its support team provides.