Learn how CrowdStrike detected SCATTERED SPIDER's attempt to deploy a malicious driver through a vulnerability (CVE-2015-2291) in the Intel Ethernet diagnostics driver.

By deploying ransomware on ESXi hosts, adversaries quickly increased the scope of affected systems, further pressuring victims to pay the ransom demands.

By deploying ransomware on ESXi hosts, adversaries quickly increased the scope of affected systems, further pressuring victims to pay the ransom demands.

CrowdStrike Falcon® OverWatch analyzes CVE-2021-44228 (Log4Shell) and the ongoing attempts to exploit the Log4j2 vulnerability, and offers mitigation recommendations.

In this blog, we offer a technical analysis of SUNSPOT, malware that was deployed into the build environment to inject this backdoor into the SolarWinds Orion platform.

The launch of CrowdStrike Counter Adversary Operations unites Falcon OverWatch and CrowdStrike Intelligence to stop modern breaches. Learn more!

CrowdStrike Falcon® OverWatch analyzes CVE-2021-44228 (Log4Shell) and the ongoing attempts to exploit the Log4j2 vulnerability, and offers mitigation recommendations.

EMBER BEAR is an adversary group aimed at creating public mistrust in targeted institutions and degrading government ability to counter Russian cyber operations.

Summarizing a year defined by adversarial stealth, the highly anticipated CrowdStrike 2024 Global Threat Report uncovers notable themes, trends, and events.

A July 19, 2024, Falcon sensor content update issue is likely being used by threat actors to target CrowdStrike customers. Learn more.

Learn how CrowdStrike recently discovered a new exploit method using CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access.

CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. Learn more here.

This blog discusses the StellarParticle campaign and the novel tactics and techniques used in supply chain attacks observed by CrowdStrike incident responders.

We explain how PartyTicket ransomware used in Ukraine attacks only superficially encrypts files, and outline how it's possible to recover the encrypted files.

The CrowdStrike Intelligence team shares its analysis of key observations from WIZARD SPIDER's BazarLoader, Conti and Ryuk operations over recent months.

Read our blog post to learn how PROPHET SPIDER continues to evolve their tradecraft while continuing to exploit known web-server vulnerabilities.

Join CrowdStrike for an exclusive threat briefing on the latest adversary trends and key findings from the CrowdStrike 2024 Threat Hunting Report.

Learn about the CrowdStrike Falcon sensor architecture on the Windows operating system, including user benefits and common misconceptions.

New tactics from PINCHY SPIDER affiliates indicate a shift toward GandCrab ransomware in targeted, low-volume/high-return “big game hunting” attacks.

Learn how the notorious ransomware operators have responded to the DarkSide pipeline attack and the effect it's had on the ransomware-as-a-service landscape.

Ploutus malware protects its code with a commercial obfuscator named .NET Reactor. We demonstrate how to build a deobfuscator to combat this technique.

Learn more about a Word document CrowdStrike Intelligence identified containing macros that download an unidentified stealer now tracked as Daolpu.

CrowdStrike Intelligence has identified Hades ransomware as INDRIK SPIDER’s successor to WastedLocker. Discover how the team identified this adversary evolution.

A likely eCrime actor is targeting LATAM-based CrowdStrike Customers with July 19, 2024 Falcon sensor issue using filenames. Learn more.

Since August 2018, Ryuk Ransomware has been used to target enterprise environments. Threat actors operating it have netted over $3,701,893.98 USD to date.

A threat actor distributed a malicious installer named Ciro posing as an inauthentic Falcon Crash Reporter Installer. Learn more.

The CrowdStrike threat teams have confirmed a recent supply chain attack delivering malware via a trojanized installer for the Comm100 Live Chat application.

Adversaries exploit current events for attention and gain. We remain committed to sharing data with the community.

This blog evaluates past cyber operations of adversaries related to Russia against Ukrainian interests, and forecasts future operations within the region.

Our analysis outlines why the Channel File 291 incident is not exploitable in a way that achieves privilege escalation or remote code execution and we detail how we secure the Falcon sensor’s channel...

A set of malware dubbed "WhisperGate" was recently reported to have been deployed against Ukrainian targets. This blog breaks down how the malicious bootloader works.

CrowdStrike offers tools and step-by-step instructions for recovering your Master File Table (MFT) after a NotPetya or Petya attack. With the aid of the supplied tools, almost all of the Master File...

“Iran’s digital presence is something we don’t want to underestimate.” Though its cyber activity has been making headlines during a dynamic past few weeks, Iran’s history as a major player in the...

A malicious inauthentic Falcon Crash Reporter installer was distributed to a German entity via a spearphishing website. Learn more.

Explore this post and more from the crowdstrike community

Quick tool for using Hybrid Analysis API on command line.. - adamcrowdstrike/HybridAPI

The Falcon Complete MDR team discovered and blocked a zero-day exploit (CVE-2023-36874) affecting Windows Error Reporting. Learn more about the discovery and response!

CrowdStrike outlines the best methods to hunt for the JustForFun implant used by DecisiveArchitect to target global telecommunications companies.

In this blog, we describe our journey of identifying and exploiting a stack-based buffer overflow vulnerability on the Western Digital My Cloud Pro Series PR4100 NAS.

The 2021 Cyber Front Lines Report brings together the insights & observations of CrowdStrike's Services team. Download the report today!

Over the past 10 years, the escapades of various nation-state actors in the cyber realm have ...

Explore this post and more from the crowdstrike community

Suspected Chinese hackers tampered with widely used software distributed by a small Canadian customer service company, another example of a "supply chain compromise" made infamous by the hack on U.S....

The #1 blog in cybersecurity. Industry news, insights from cybersecurity experts, and new product, feature, and company announcements.

Read this blog post to learn how Falcon Complete detected and thwarted VANGUARD PANDA (Volt Typhoon) tradecraft.

*UNMAINTAINED* Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts - msuiche/porosity

A new campaign in which BokBot is distributing a custom variant of a TrickBot module signals a more intimate relationship between the two adversaries, WIZARD SPIDER and LUNAR SPIDER. A historical...

Join CrowdStrike experts and business leaders across industries to discuss the most pressing cybersecurity issues facing enterprises and how to stay ahead.

Lumma Stealer packed with CyberIt is being distributed using a CrowdStrike Falcon Sensor Update phishing lure. Learn more.

The CrowdStrike Falcon® platform provides continuous protection from the wiper-style malware used to target Ukraine by offering real-time visibility across workloads.

The #1 blog in cybersecurity. Industry news, insights from cybersecurity experts, and new product, feature, and company announcements.

CrowdStrike Counter Adversary Operations has been investigating cyberattacks targeting organizations in the transportation, logistics & technology sectors.

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Reuters (Can Sezer) — Turkey is investigating how hackers have posted...

CrowdStrike analyzed a new Cutwail spam campaign from NARWHAL SPIDER that uses digital steganography to distribute URLZone.