If you are a customer of CrowdStrike, you are working on recovering from the outage that occurred on July 19, 2024. As if that isn’t enough disruption, CrowdStrike is warning customers that threat actors are taking advantage of the situation by using fake websites and domains, sending phishing emails impersonating CrowdStrike, and offering malicious products and services to “assist” customers with recovery from the outage.

CrowdStrike has been monitoring this malicious activity and reports that threat actors are:

  • Sending phishing emails posing as CrowdStrike support to customers.
  • Impersonating CrowdStrike staff in phone calls.
  • Posing as independent researchers, claiming to have evidence the technical issue is linked to a cyber-attack and offering remediation insights.
  • Selling scripts purporting to automate recovery from the content update issue.

CrowdStrike Intelligence “recommends that organizations ensure they are communicating with CrowdStrike representatives through official channels and they adhere to technical guidance the CrowdStrike support teams have provided.” On its website, CrowdStrike has listed multiple fake domains that may contain malicious content. The domains can also be used to “support future social-engineering operations.”