Suspicious Domains Appear After CrowdStrike Update Issue

Threat Actor: Unknown | unknown
Victim: CrowdStrike | CrowdStrike
Price: Potential financial loss due to scams
Exfiltrated Data Type: Sensitive data requests

Key Points:

  • Threat actors registered fake domains to exploit the CrowdStrike update issue.
  • The malicious domains may be used for social engineering attacks, requesting sensitive information.
  • Examples of suspicious domains include crowdstrike-bsod.com and crowdstrike-helpdesk.com.

Due to CrowdStrike’s most recent update, numerous critical infrastructure operators and organizations encountered unexpected and serious problems on Friday. Many devices showed the Blue Screen of Death (BSOD) after the update, making them unusable. CrowdStrike has fixed the faulty update, but the potential risks don’t end there.

Following the CrowdStrike update issue, threat actors began to register fake domains in an attempt to use the outage to target enterprises through social engineering attacks. Although these domains aren’t specifically phishing pages, they could nevertheless be used maliciously. Threat actors may distribute malware under the pretext of “solutions to fix the problem” or demand payment. They might also request sensitive data in order to reach the “support line.”
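One way to check DNS query logs for names that embed the brand but sit outside the vendor's own domain (an added example, not part of the original post). The log format, the allowlist contents and all function names are assumptions made for illustration, and the sample log lines are constructed.

```python
import re

BRAND = "crowdstrike"
# Assumption: registrable domains the organisation treats as legitimate.
ALLOWED = {"crowdstrike.com"}

# Constructed sample: timestamp, client IP, queried name (one line is defanged).
SAMPLE_LOG = """\
2024-07-19T09:14:02Z 10.0.4.17 www.crowdstrike.com
2024-07-19T09:14:40Z 10.0.4.17 crowdstrike-bsod[.]com
2024-07-19T09:15:11Z 10.0.7.52 CrowdStrike-HelpDesk.com.
2024-07-19T09:15:30Z 10.0.7.52 support.crowd-strike-fix.example
2024-07-19T09:16:05Z 10.0.9.3 intranet.example.org
"""

def normalize(name):
    """Lower-case, re-fang '[.]' and drop the trailing root dot."""
    return name.strip().lower().replace("[.]", ".").rstrip(".")

def is_allowed(name):
    """Exact match or a true subdomain; the dot stops 'xcrowdstrike.com' matching."""
    return any(name == d or name.endswith("." + d) for d in ALLOWED)

def embeds_brand(name):
    """True if the brand appears once dots, hyphens and other separators are removed."""
    return BRAND in re.sub(r"[^a-z0-9]", "", name)

def flag_lookalikes(log_text):
    """Return sorted unique (client, name) pairs that embed the brand but are not allowlisted."""
    hits = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, raw = parts
        name = normalize(raw)
        if embeds_brand(name) and not is_allowed(name):
            hits.add((client, name))
    return sorted(hits)

if __name__ == "__main__":
    for client, name in flag_lookalikes(SAMPLE_LOG):
        print(f"ALERT client={client} queried brand lookalike {name}")
```

A hit only means the name deserves review; the same check can be run over newly registered domain feeds or mail gateway URL logs.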

The fake website below shows one of the scam attempts. It presents itself as a CrowdStrike support page and offers fake services.

Here are some examples of the suspicious domains:

The post Suspicious Domains Emerged After Faulty CrowdStrike Update appeared first on Daily Dark Web.