Counter Adversary Operations

U.S. Department of Justice Indicts Hacktivist Group Anonymous Sudan for Prominent DDoS Attacks in 2023 and 2024
International Authorities Indict, Sanction Additional INDRIK SPIDER Members and Detail Ties to BITWISE SPIDER and Russian State Activity
How CrowdStrike Hunts, Identifies and Defeats Cloud-Focused Threats
Malicious Inauthentic Falcon Crash Reporter Installer Delivers LLVM-Based Mythic C2 Agent Named Ciro
Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity via Spearphishing Website
Hacktivist Entity USDoD Claims to Have Leaked CrowdStrike’s Threat Actor List
Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure
Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure
Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer
Likely eCrime Actor Uses Filenames Capitalizing on July 19, 2024, Falcon Sensor Content Issues in Operation Targeting LATAM-Based CrowdStrike Customers
Falcon Sensor Content Issue from July 19, 2024, Likely Used to Target CrowdStrike Customers
CrowdStrike’s One-Click Hunting Simplifies Threat Hunting for Security Teams
Secure Your Staff: How to Protect High-Profile Employees' Sensitive Data on the Web
Still Alive: Updates for Well-Known Latin America eCrime Malware Identified in 2023
CrowdStrike 2024 Global Threat Report: Adversaries Gain Speed and Stealth
How Malicious Insiders Use Known Vulnerabilities Against Their Organizations
5 Tips to Defend Against Access Brokers This Holiday Season
IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations
Automation Advancements in Falcon Intelligence Recon: Disrupt the Adversary and Reduce Risk
Announcing CrowdStrike Falcon Counter Adversary Operations Elite
eCriminals Share Ways to Impersonate School Staff to Steal Paychecks
Amid Sharp Increase in Identity-Based Attacks, CrowdStrike Unveils New Threat Hunting Capability
Discovering and Blocking a Zero-Day Exploit with CrowdStrike Falcon Complete: The Case of CVE-2023-36874
CrowdStrike Debuts Counter Adversary Operations Team to Fight Faster and Smarter Adversaries as Identity-Focused Attacks Skyrocket
CrowdStrike Named a Leader that “Delivers World-Class Threat Intelligence” in 2023 Forrester Wave
Making Sense of the Dark Web with Falcon Intelligence Recon+
Hypervisor Jackpotting, Part 3: Lack of Antivirus Support Opens the Door to Adversary Attacks
CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers
QakBot eCrime Campaign Leverages Microsoft OneNote Attachments
How to Mature Your Threat Intelligence Program
Exploiting CVE-2021-3490 for Container Escapes
SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security
CrowdStrike Named a Leader in Frost & Sullivan’s 2022 Frost Radar for Cyber Threat Intelligence
Expose and Disrupt Adversaries Beyond the Perimeter with CrowdStrike Falcon Intelligence Recon
’Tis the Season for eCrime
Evicting Typosquatters: How CrowdStrike Protects Against Domain Impersonations
CrowdStrike Falcon® Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer
Adversary Quest 2022 Walkthrough, Part 3: Four PROTECTIVE PENGUIN Challenges
Adversary Quest 2022 Walkthrough, Part 2: Four TABLOID JACKAL Challenges
Adversary Quest 2022 Walkthrough, Part 1: Four CATAPULT SPIDER Challenges
Callback Malware Campaigns Impersonate CrowdStrike and Other Cybersecurity Companies
Tales from the Dark Web: How Tracking eCrime’s Underground Economy Improves Defenses
Capture the Flag: CrowdStrike Intelligence Adversary Quest 2022
For the Common Good: How to Compromise a Printer in Three Simple Steps
Naming Adversaries and Why It Matters to Your Security Team
Quadrant Knowledge Solutions Names CrowdStrike a Leader in the 2022 SPARK Matrix for Digital Threat Intelligence Management
Follow the Money: How eCriminals Monetize Ransomware
Who is EMBER BEAR?
A Tale of Two Cookies: How to Pwn2Own the Cisco RV340 Router
PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell
Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities
Access Brokers: Who Are the Targets, and What Are They Worth?
Lessons Learned From Successive Use of Offensive Cyber Operations Against Ukraine and What May Be Next
Technical Analysis of the WhisperGate Malicious Bootloader
Log4j2 Vulnerability "Log4Shell" (CVE-2021-44228)
Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes
A Foray into Fuzzing
Ploutus ATM Malware Case Study: Automated Deobfuscation of a Strongly Obfuscated .NET Binary
Scheming with URLs: One-Click Attack Surface in Linux Desktop Environments
CARBON SPIDER Embraces Big Game Hunting, Part 2
ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack
Sidoh: WIZARD SPIDER’s Mysterious Exfiltration Tool
CARBON SPIDER Embraces Big Game Hunting, Part 1
PROPHET SPIDER Exploits Oracle WebLogic to Facilitate Ransomware Activity
CrowdStrike Announces CrowdStrike Falcon Intelligence Recon+ to Combat Cybercriminals
The Evolution of PINCHY SPIDER from GandCrab to REvil
Adversary Quest 2021 Walkthrough, Part 3: Four PROTECTIVE PENGUIN Challenges
DarkSide Pipeline Attack Shakes Up the Ransomware-as-a-Service Landscape
Increasing Relevance of Access Broker Market Shown in Improved ECX Model
Adversary Quest 2021 Walkthrough, Part 2: Four SPACE JACKAL Hacktivist Challenges
Adversary Quest 2021 Walkthrough, Part 1: Four CATAPULT SPIDER eCrime Challenges
Forrester Names CrowdStrike a Leader in the 2021 Wave for External Threat Intelligence
INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions
Hypervisor Jackpotting, Part 1: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact
Explore the Adversary Universe
Pwn2Own: A Tale of a Bug Found and Lost Again
Join the Challenge: CrowdStrike Intelligence Adversary Quest 2021
SUNSPOT: An Implant in the Build Process
Hacking Farm to Table: Threat Hunters Uncover Rise in Attacks Against Agriculture
New Podcast Series: The Importance of Cyber Threat Intelligence in Cybersecurity
WIZARD SPIDER Update: Resilient, Reactive and Resolute
Double Trouble: Ransomware with Data Leak Extortion, Part 2
Double Trouble: Ransomware with Data Leak Extortion, Part 1
Who Is PIONEER KITTEN?
Exploiting GlobalProtect for Privilege Escalation, Part Two: Linux and macOS
Exploiting GlobalProtect for Privilege Escalation, Part One: Windows
Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques
Situational Awareness: Cyber Threats Heightened by COVID-19 and How to Protect Against Them
Who is REFINED KITTEN?
WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN
Ransomware Increases the Back-to-School Blues
Who is Salty Spider (Sality)?
CrowdStrike Mobile Threat Report Offers Trends and Recommendations for Securing Your Organization
BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0
New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration
PINCHY SPIDER Affiliates Adopt “Big Game Hunting” Tactics to Distribute GandCrab Ransomware
“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web
Who is FANCY BEAR (APT28)?
Enhancing Secure Boot Chain on Fedora 29
Widespread DNS Hijacking Activity Targets Multiple Sectors
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
Farewell to Kelihos and ZOMBIE SPIDER
Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN
Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
Meet CrowdStrike’s Adversary of the Month for October: DUNGEON SPIDER
Cutwail Spam Campaign Uses Steganography to Distribute URLZone
Two Birds, One STONE PANDA
Meet CrowdStrike’s Adversary of the Month for August: GOBLIN PANDA
Arrests Put New Focus on CARBON SPIDER Adversary Group
Meet CrowdStrike’s Adversary of the Month for July: WICKED SPIDER
Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA
Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA
Why North Korean Cyberwarfare is Likely to Intensify
Software Supply Chain Attacks Gained Traction in 2017 and Are Likely to Continue
Meet CrowdStrike's Adversary of the Month for February: MUMMY SPIDER
CrowdStrike's January Adversary of the Month: VOODOO BEAR
Malicious Spear-Phishing Campaign Targets Upcoming Winter Olympics in South Korea
An End to “Smash-and-Grab” and a Move to More Targeted Approaches
Full Decryption of Systems Encrypted by Petya/NotPetya
Software Supply Chain Attacks on the Rise, Undermining Customer Trust
Protecting the Software Supply Chain: Deep Insights into the CCleaner Backdoor
Decrypting NotPetya/Petya: Tools for Recovering Your MFT After an Attack
CrowdStrike Protects Against NotPetya Attack
Falcon Intelligence Report: Wanna Ransomware Spreads Rapidly; CrowdStrike Falcon® Prevents the Attack
Inside the Takedown of ZOMBIE SPIDER and the Kelihos Botnet
VirusTotal Lookups Are Back in CrowdInspect, CrowdStrike’s Popular Free Tool
Blocking Malicious PowerShell Downloads
Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units
Bear Hunting: Tracking Down COZY BEAR Backdoors
CrowdStrike’s New Methodology for Tracking eCrime
M&A – Buying While Cyber Blind?
Cyber Skirmish: Russia v. Turkey
Using OS X FSEvents to Discover Deleted Malicious Artifacts
Investigating PowerShell: Command and Script Logging
Nothing else is working. Why not memory forensics?
Sakula Reloaded
How to Learn from Adversaries as they Test Attack Strategies
Blurring of Commodity and Targeted Attack Malware
Falcon Zero-Day Flash Detection
Rhetoric Foreshadows Cyber Activity in the South China Sea
VENOM Vulnerability Details
3 Tips for Operationalizing Cyber Intelligence
RSA 2015 Hacking Exposed: CrowdResponse Update Released
Operational threat intelligence with Maltego Transform Hub
Adversaries Set Their Sights on Oil and Gas Sector
Chopping packets: Decoding China Chopper Web shell traffic over SSL
Surgeon with a Shotgun! - Memory Forensics
Parsing Sysmon Events for IR Indicators
Cyber Kung-Fu: The Great Firewall Art of DNS Poisoning
Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids’ Pool
Advanced Falconry: Seeking Out the Prey with Machine Learning
I am Ironman: DEEP PANDA Uses Sakula Malware to Target Organizations in Multiple Sectors
Peering Around the Corner
CVE-2014-1761 - The Alley of Compromise
Mitigating Bash ShellShock
Occupy Central: The Umbrella Revolution and Chinese Intelligence
Registry Analysis with CrowdResponse
Hat-tribution to PLA Unit 61486
Gameover
New CrowdResponse Modules
Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN
CrowdStrike Heartbleed Scanner - Update
Mo' Shells Mo' Problems - Network Detection
Mo' Shells Mo' Problems - Web Server Log Analysis
Mo' Shells Mo' Problems - File List Stacking
Mo' Shells Mo' Problems - Deep Panda Web Shells
Native Java Bytecode Debugging without Source Code
Through the Window: Creative Code Invocation
Protected Processes Part 3: Windows PKI Internals (Signing Levels, Scenarios, Signers, Root Keys, EKUs & Runtime Signers)
The Evolution of Protected Processes Part 2: Exploit/Jailbreak Mitigations, Unkillable Processes and Protected Services
Analysis of a CVE-2013-3906 Exploit
The Evolution of Protected Processes - Part 1: Pass-the-Hash Mitigations in Windows 8.1
VICEROY TIGER Delivers New Zero-Day Exploit
DNS - The Lifeblood of your Domain
Rare Glimpse into a Real-Life Command-and-Control Server
Who is Samurai Panda
Who is Clever Kitten
Whois Numbered Panda
Who is Anchor Panda
Free Community Tool: CrowdInspect
HTTP iframe Injecting Linux Rootkit
Unpacking Dynamically Allocated Code
CrowdStrike Intelligence - Adversary-based Approach