July 20, 2024 at 01:30PM
CrowdStrike’s flawed Windows update led to a global IT disruption, and threat actors are exploiting the chaos to distribute Remcos RAT to the company’s Latin American customers via a disguised hotfix. The lure is a ZIP file containing a malware loader and Spanish-language instructions, targeting CrowdStrike’s Latin America-based customers. Malicious actors are also setting up typosquatting domains that impersonate CrowdStrike.
Cybersecurity firm CrowdStrike is still dealing with the fallout of a flawed update to Windows devices that caused widespread IT disruption, and threat actors are taking advantage of the situation to distribute Remcos RAT to CrowdStrike customers in Latin America under the guise of providing a hotfix. The lure is a ZIP archive named “crowdstrike-hotfix.zip” that contains a malware loader known as Hijack Loader, which in turn launches the Remcos RAT payload. The Spanish-language instructions bundled in the archive indicate that the campaign is aimed at Latin America-based CrowdStrike customers. CrowdStrike has acknowledged that a routine sensor configuration update inadvertently triggered a logic error, causing a Blue Screen of Death (BSOD) on affected Windows systems. Separately, malicious actors are registering typosquatting domains that impersonate CrowdStrike and offer recovery services to affected companies in exchange for a cryptocurrency payment. CrowdStrike is advising impacted customers to communicate only through official channels and to follow the technical guidance provided by its support teams; an unsolicited “hotfix” archive or a lookalike domain promising a quick fix should be treated as malicious.
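A practical check for the two lures described above (a “hotfix” archive named after CrowdStrike, and lookalike domains) is to scan DNS and file-transfer logs for names that combine the brand with fix-related words or sit within a small edit distance of the real brand label. The following Python script is an added example, not code from the original report or from CrowdStrike; the log format, the official-domain allow-list, the word list and every domain and filename in the sample log are constructed for illustration and are not observed indicators. The registrable-label extraction assumes a simple second-level split (no public-suffix list), and homoglyph or IDN lookalikes are not covered.

```python
"""Flag CrowdStrike lookalike domains and fake-hotfix archive names in logs.

Added example: heuristics and sample data are constructed, not real IOCs.
"""

BRAND = "crowdstrike"
# Assumption: allow-list of official domains; extend from your own asset inventory.
OFFICIAL_DOMAINS = {"crowdstrike.com"}
MAX_EDIT_DISTANCE = 2          # "crowdstrlke" is distance 1; tune to taste
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z")
FIX_WORDS = ("hotfix", "fix", "patch", "update", "repair")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label of a domain (assumes single-label public suffixes)."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def lookalike_reason(domain: str):
    """Return why a domain looks like a CrowdStrike impersonation, or None."""
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL_DOMAINS or any(domain.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return None                                   # official or a subdomain of it
    label = registrable_label(domain)
    if label == BRAND:
        return "brand label registered under an unexpected TLD"
    if BRAND in label:
        return "brand name combined with extra words (combosquat)"
    distance = levenshtein(label, BRAND)
    if distance <= MAX_EDIT_DISTANCE:
        return f"within edit distance {distance} of {BRAND!r} (typosquat)"
    return None


def suspicious_archive(filename: str) -> bool:
    """Archive named after the brand plus a fix/update word, e.g. crowdstrike-hotfix.zip."""
    name = filename.lower()
    return (name.endswith(ARCHIVE_SUFFIXES)
            and BRAND in name
            and any(word in name for word in FIX_WORDS))


def scan_log(lines):
    """Scan key=value log lines; return (line_no, value, reason) for each hit."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if "dns" in fields:
            reason = lookalike_reason(fields["dns"])
            if reason:
                hits.append((lineno, fields["dns"], reason))
        if "file" in fields and suspicious_archive(fields["file"]):
            hits.append((lineno, fields["file"], "archive named like a CrowdStrike hotfix"))
    return hits


# Constructed sample log (assumed format: timestamp followed by key=value tokens).
SAMPLE_LOG = """\
2024-07-20T13:30:01Z host=ws-01 dns=crowdstrike.com
2024-07-20T13:30:05Z host=ws-02 dns=crowdstrike-hotfix.example
2024-07-20T13:30:09Z host=ws-03 dns=crowdstrlke.example
2024-07-20T13:30:12Z host=ws-04 file=crowdstrike-hotfix.zip
2024-07-20T13:30:15Z host=ws-05 dns=falcon.crowdstrike.com
2024-07-20T13:30:20Z host=ws-06 file=quarterly-report.zip
"""

if __name__ == "__main__":
    for lineno, value, reason in scan_log(SAMPLE_LOG.splitlines()):
        print(f"line {lineno}: {value} -> {reason}")
```

Running it against the constructed log flags lines 2, 3 and 4 (the combosquat domain, the one-character typosquat, and the hotfix-named archive) while leaving the official domain and its subdomain alone. The edit-distance threshold is deliberately small; raising it increases recall but will start matching unrelated brands of similar length, so keep the allow-list and the combosquat rule as the primary signals.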