CrowdStrike Falcon Outage Exploited for Social Engineering
ID: abd9ea2f-d546-50e2-92d3-efb80d0b07b6
STIX ID: report--abd9ea2f-d546-50e2-92d3-efb80d0b07b6
Feed Name: CISecurity.org Insights Blog
CIS CTI reports that, following the July 19, 2024 CrowdStrike Falcon content update outage, threat actors launched opportunistic social-engineering campaigns that used typosquatted CrowdStrike-themed domains and a fake “Crowdstrike-hotfix.zip” to deliver HijackLoader and RemCos RAT. The report provides extensive IOCs (domains, hashes, and a C2), maps the activity to MITRE ATT&CK (e.g., phishing, user execution), and urges SLTT entities to use official vendor guidance and monitor shared indicators.
