The CrowdStrike Falcon update issue has become an attractive lure for cybercrime groups as affected organizations continue work to recover from the outage.
A known APT espionage group known as Daggerfly has updated its toolset in a number of recent attacks against organizations in Taiwan, as well as a U.S. non-governmental organization in China.
In a Friday statement, CISA said that it has observed threat actors taking advantage of the massive global outages, linked to a faulty CrowdStrike update, for phishing “and other malicious activity.”
An issue with an update for CrowdStrike's Falcon sensor software has caused Windows machines to fail and is linked to Microsoft Azure outages around the world.
FIN7 is a highly active and capable cybercrime group also known as Carbanak that has been evolving and using its own tools such as AvNeutralizer for many years. SentinelOne researchers Antonio Cocomazzi helps us dig into the group's tactics and tools.