The CrowdStrike Falcon update issue has become an attractive lure for cybercrime groups as affected organizations continue work to recover from the outage.
In a Friday statement, CISA said that it has observed threat actors taking advantage of the massive global outages, linked to a faulty CrowdStrike update, for phishing “and other malicious activity.”
In order to convince LastPass users to hand over their passwords, attackers used a mix of phone calls, phishing emails and a phishing page under the domain “help-lastpass[.]com,” which has since been taken down.
The Russian APT known as COLDRIVER is using a new backdoor called SPICA in phishing campaigns against NGOs and governments.
Microsoft is warning enterprises about a recent Teams-based phishing campaign operated by a developing threat group known as Storm-0342.