CrowdStrike Phishing Campaign


    Jul. 23, 2024

    Key Points

    • Hundreds of CrowdStrike-related phishing domains registered.
    • The primary intent was to download RATs, infostealers or wiper malware.

    Threat actors are targeting organizations with data wipers and remote access tools, and organizations should be wary of phishing attempts. Hundreds of domains have been observed as attackers begin sending malicious emails posing as CrowdStrike representatives. The emails contain instructions on how to remedy the outage, but the links they include are malicious and disguised as updates. CrowdStrike published an advisory on July 19th warning of phishing activity, including phishing emails and phone calls impersonating CrowdStrike staff.

    Mimecast is collating and sharing a list of malicious or potentially malicious domains related to these attacks. All domains will be blocked by Mimecast and organizations should also consider using this list to update protection in other security tools.

    Targeting:

    Global, All Sectors

    URLs:

    • Clownstrike[.]co[.]uk
    • Thecrowdstrike[.]com
    • www[.]thecrowdstrike[.]com
    • crowdstrike-hotfix[.]zip
    • crowdstrike-okta[.]quickintuits[.]top
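
One way to apply the list in another security tool, shown as an added example (not Mimecast's code): it refangs the indicators above and checks hostnames from mail or proxy logs on whole DNS labels, so subdomains match and look-alike strings do not. The function names and the sample log values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFANGED = [  # indicators copied from the list above
    "Clownstrike[.]co[.]uk",
    "Thecrowdstrike[.]com",
    "www[.]thecrowdstrike[.]com",
    "crowdstrike-hotfix[.]zip",
    "crowdstrike-okta[.]quickintuits[.]top",
]

def refang(text):
    """Undo the common defanging conventions ([.] and hxxp)."""
    return text.strip().replace("[.]", ".").replace("hxxp", "http", 1)

def host_of(value):
    """Normalized hostname of a URL or bare host[:port]; '' if unparsable."""
    value = refang(value)
    if "://" not in value:
        value = "//" + value  # make urlsplit treat the string as a netloc
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:  # malformed netloc in messy log data
        return ""
    return host.rstrip(".").lower()

BLOCKLIST = {host_of(d) for d in DEFANGED}

def matched_indicator(value):
    """Return the listed domain that value equals or is a subdomain of.
    Whole DNS labels are compared: 'notclownstrike.co.uk' is not a match."""
    labels = host_of(value).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate
    return None

# Constructed sample values, kept defanged here; plain log entries also work.
SAMPLE = [
    "hxxps://WWW.TheCrowdStrike[.]com/update",
    "hxxp://login.crowdstrike-okta.quickintuits[.]top:8080/sso",
    "crowdstrike-hotfix[.]zip",
    "https://www.crowdstrike.com/blog/",
    "hxxps://notclownstrike[.]co[.]uk/",
]

def scan(values):
    return {v: matched_indicator(v) for v in values}
```

Calling `scan(SAMPLE)` maps the first three values to the indicator they fall under and the last two to `None`.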
