The Singapore Cyber Emergency Response Team (SingCERT), a government entity that detects and prevents cybersecurity breach-related incidents, has warned of “an ongoing phishing campaign targeting CrowdStrike users” that exploits the global outage and the ‘blue screen of death’ error.
SingCERT said in an advisory today: “On 19 July 2024, CrowdStrike, a major cybersecurity company, experienced a significant global outage that affected numerous organisations worldwide. The issue stemmed from a faulty update to CrowdStrike’s Falcon Sensor software, which is widely used by many companies and government bodies.”
In this context, SingCERT warned: “There are reports of an ongoing phishing campaign targeting CrowdStrike users with threat actors leveraging the aforementioned events as lure themes to conduct the following activities:
- Sending phishing emails posing as CrowdStrike support to customers
- Impersonating CrowdStrike staff in phone calls
- Posing as independent researchers, claiming to have evidence that the technical issue is linked to a cyberattack and offering remediation insights
- Selling scripts purporting to automate recovery from the content update issue
“Possible malicious domains identified associated with the ongoing campaign that impersonate CrowdStrike’s brand are shown in the table below. System administrators may wish to configure their firewall rules to block connections to the following domains associated with the campaign.”