CrowdStrike Phishing Campaign


    Jul. 23, 2024

    Key Points

    What you'll learn in this notification

    • Hundreds of CrowdStrike-related phishing domains registered.
    • The primary intent was to download RATs, infostealers or wiper malware.

    Threat actors are targeting organizations with data wipers and remote access tools and organizations should be wary of phishing attempts. Hundreds of domains have been observed as attackers start to send malicious emails posing as CrowdStrike representatives. The emails contain instructions on how to remedy the outage but malicious links disguised as updates. CrowdStrike published an advisory July 19th warning of phishing activity, including phishing emails and phone calls impersonating CrowdStrike staff.

    Mimecast is collating and sharing a list of malicious or potentially malicious domains related to these attacks. All domains will be blocked by Mimecast and organizations should also consider using this list to update protection in other security tools.

    Targeting:

    Global, All Sectors

    URLs:

    • Clownstrike[.]co[.]uk
    • Thecrowdstrike[.]com
    • www[.]thecrowdstrike[.]com
    • crowdstrike-hotfix[.]zip
    • crowdstrike-okta[.]quickintuits[.]top

    Click here to access the complete list of URLs.

    Back to Top