Free Republic

Likely eCrime Actor Uses Filenames Capitalizing on July 19, 2024, Falcon Sensor Content Issues in Operation Targeting LATAM-Based CrowdStrike Customers
Crowdstrike | 20 Jul 2024 | Counter Adversary Operations

Posted on 07/20/2024 7:33:15 AM PDT by blueplum

CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload... Notably, Spanish filenames and instructions within the ZIP archive indicate this campaign is likely targeting Latin America-based (LATAM) CrowdStrike customers.

(Excerpt) Read more at crowdstrike.com ...


TOPICS: Business/Economy; News/Current Events
KEYWORDS: crowdstrike; cybercrime; falcon; it; latinamerica; microsoft

See article for details, specific file names, and Indicators of Compromise.
1 posted on 07/20/2024 7:33:15 AM PDT by blueplum

To: blueplum

huh?


2 posted on 07/20/2024 7:42:32 AM PDT by JonPreston ( ✌ ☮️ )

To: blueplum

> crowdstrike-hotfix.zip

Any sysadmin that opens an email with a file named “crowdstrike-hotfix.zip” deserves what happens to them. ;-)


3 posted on 07/20/2024 7:44:51 AM PDT by glorgau

To: glorgau

>> Any sysadmin that opens an email with a file named “crowdstrike-hotfix.zip” deserves what happens to them. ;-)

Yeah, but the company they serve may not deserve it.

In other news, I wonder how long before CrowdStrike is bankrupt. They RICHLY deserve THAT.


4 posted on 07/20/2024 8:03:04 AM PDT by Nervous Tick ("First the Saturday people, then the Sunday people...": ISLAM is the problem!)

To: blueplum

I wonder why they assume the Spanish indicates the target, and not the source.

Are the instructions ONLY in Spanish?

Most programmers want to comment and debug in a language they can read. A programming language may force English (for now), but the rest doesn’t.


5 posted on 07/20/2024 8:04:22 AM PDT by Empire_of_Liberty ( )

To: blueplum

Somewhat curious whether Crowd-strike was shorted and someone made a load of coin off this “cyber attack”.


6 posted on 07/20/2024 8:10:37 AM PDT by LastDayz (A Blunt and Brazen Texan. I Will Not Be Assimilated.)

To: glorgau

Yeah but the sysadmin job was outsourced so they weren’t making that much money and they just moved on.


7 posted on 07/20/2024 8:24:35 AM PDT by BipolarBob (First I was called a big fat lair and then showed a certain Lake of Respect.)

To: blueplum

I’m not a techie, just a very old guy enjoying the ride. However, when I read the word “Crowdsource” I immediately thought back to 2016 when Hillary claimed her computers had been hacked by Russian operatives. She should have turned them over to the FBI for investigation but she didn’t. She called in a private company called “CrowdSource.” It then supposedly confirmed the claim it was a Russian effort to interfere with the election. That claim later was found to be false. Or was it a different company??


8 posted on 07/20/2024 8:32:58 AM PDT by elpadre ( )

To: blueplum

English please


9 posted on 07/20/2024 8:33:30 AM PDT by coalminersson

To: elpadre

No, the same company, your memory serves you well.


10 posted on 07/20/2024 8:34:15 AM PDT by OldHarbor (strained statutory arguments, appeals to inconsistent history, reliance on out-of-circuit authority)

To: Nervous Tick
> Yeah, but the company they serve may not deserve it.

The case could be made, at least some of the time, that they should have hired a sysadmin that knows what he is doing. Maybe IT is the wrong place for DEI.

11 posted on 07/20/2024 9:01:32 AM PDT by ChildOfThe60s ("If you can remember the 60s....you weren't really there")

To: ChildOfThe60s

>> The case could be made, at least some of the time, that they should have hired a sysadmin that knows what he is doing. Maybe IT is the wrong place for DEI.

You are spot on in that observation. I initially wrote “company they serve does not deserve it”, but changed it to “may not deserve” because I recognized the truth as you stated it.


12 posted on 07/20/2024 9:12:14 AM PDT by Nervous Tick ("First the Saturday people, then the Sunday people...": ISLAM is the problem!)

To: LastDayz
Most of this is Greek to me but for what it's worth:

Tech stocks lost $900 billion overall Wednesday, "biggest drop since 2022". Crowdstrike may have been part of that sell-off, with a further drop on Friday, if the numbers below make sense to someone more knowledgeable than I am.

Following the outage, according to Marketwatch, Crowdstrike "declined 11.1% Friday to log its worst one-day drop since it fell 14.8% on Nov. 30, 2022. It had been down as much as 15.4% earlier in the session.... CrowdStrike CEO George Kurtz is taking a $42 million personal hit from stock’s drop... CrowdStrike shares have lost 19.2% over their current four-session streak of losses, and are down 19.4% this year so far. The stock fell 3.4% in Thursday’s action after a downgrade to sell..."

13 posted on 07/20/2024 9:17:27 AM PDT by blueplum ("...this moment is your moment: it belongs to you... " President Donald J. Trump, Jan 20, 2017)
