Likely eCrime Actor Capitalizing on Falcon Sensor Issues

https://opencti.netmanageit.com




SUMMARY:

A cybercrime group has leveraged a content update issue with the CrowdStrike Falcon sensor to distribute malicious files targeting Latin American customers. The campaign involves a ZIP archive named 'crowdstrike-hotfix.zip' containing a HijackLoader payload that loads Remcos malware. The archive uses Spanish filenames and instructions, indicating that it specifically targets CrowdStrike clients in that region.

OPENCTI LABELS:

phishing, remcos, latam, hijackloader, falcon

