Short Summary:

On July 24, 2024, a threat actor conducted a spear-phishing attack against a German entity by distributing a password-protected installer disguised as a Falcon Crash Reporter. The installer executed a sophisticated agent, named Ciro, using LLVM Intermediate Representation (IR) bitcode, indicating a high level of social engineering and malware sophistication.…


The threat intel data noted in this report is available to tens of thousands of customers, partners and prospects – and hundreds of thousands of users. Adversaries exploit current events for attention and gain. We remain committed to sharing data with the community.

On July 24, 2024, hacktivist entity USDoD claimed on English-language cybercrime forum BreachForums to have leaked CrowdStrike’s “entire threat actor list.”1…


Phishing is a formidable, and financially devastating, threat, costing organizations $4.76 million USD per breach on average. With a simple, deceptive email, adversaries can masquerade as trusted entities, tricking even savvy individuals into handing over their credentials and other sensitive information. Whether it’s a duplicitous link or a crafty call to action, phishing remains one of the most insidious cybersecurity threats, leveraging a vulnerability that can’t be patched: human nature.…

- CrowdStrike Falcon® Next-Gen SIEM enables companies to search, investigate and hunt down threats, including detection of advanced ransomware targeting VMware ESXi
- Initial access to the ESXi infrastructure1 is typically gained through lateral movement using valid credentials
- eCrime actors target and deploy ransomware in ESXi environments to increase the impact and scale of their attacks, which can be devastating for organizations

CrowdStrike Falcon Next-Gen SIEM, the definitive AI-native platform for detecting, investigating and hunting down threats, enables advanced detection of ransomware targeting VMware ESXi environments. …


Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses drive growth and innovation. 

However, as organizations migrate to the cloud, they face a complex and growing threat landscape of sophisticated and cloud-conscious threat actors.…


Latin America (LATAM) is a growing market, and threat actors have used numerous eCrime malware variants to target users in this region. Over the past few years, many researchers have characterized the tactics, techniques and procedures (TTPs) of widespread Latin America malware families, including but not limited to Mispadu, Grandoreiro, Mekotio, Casbaneiro, Metamorfo and Astaroth.…

- HijackLoader continues to become increasingly popular among adversaries for deploying additional payloads and tooling
- A recent HijackLoader variant employs sophisticated techniques to enhance its complexity and defense evasion
- CrowdStrike detects this new HijackLoader variant using machine learning and behavior-based detection capabilities

CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat.…
