BleepingComputer reports that attacks exploiting the faulty CrowdStrike Falcon update that resulted in a massive global IT outage were immediately launched by threat actors to facilitate the deployment of malicious payloads.|
Intrusions offering a fraudulent fix for the issue were reported by cybersecurity researcher g0njxa and AnyRun to have been conducted to deploy the Remcos RAT trojan, with the former observing such a malware campaign through a phishing portal purporting to be from Spanish financial services firm BBVA.
HijackLoader malware delivered by the fake hotfix facilitated Remcos RAT distribution, according to AnyRun. Another attack campaign discovered by AnyRun involved phony CrowdStrike updates to deploy a data wiper against organizations across Israel.
Such an operation, admitted to have been launched by pro-Iranian hacktivist group Handala, entailed the use of CrowdStrike-spoofing phishing emails with a download link for the malicious ZIP archive, which when executed triggered a data wiping attack against targeted devices' files.