{"id":197785,"date":"2024-07-30T03:00:04","date_gmt":"2024-07-30T10:00:04","guid":{"rendered":"https:\/\/www.mcafee.com\/blogs\/?p=197785"},"modified":"2024-07-26T10:57:26","modified_gmt":"2024-07-26T17:57:26","slug":"the-scam-strikes-back-exploiting-the-crowdstrike-outage","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/","title":{"rendered":"The Scam Strikes Back: Exploiting the CrowdStrike Outage"},"content":{"rendered":"<p><em><span class=\"TextRun SCXW249382617 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW249382617 BCX0\">Authored by Lakshya Mathur, Vallabh Chole &amp; Abhishek Karnik<\/span><\/span><\/em><\/p>\n<p>Recently we witnessed one of the <a href=\"https:\/\/www.mcafee.com\/blogs\/security-news\/crowdstrike-outage-provides-opportunities-for-scammers\/\" target=\"_blank\" rel=\"noopener\">most significant IT disruptions in history<\/a>, affecting a wide range of sectors such as banking, airlines, and emergency services. At the heart of this disruption was CrowdStrike, known for its Falcon enterprise security solutions. The issue stemmed from a faulty security update that corrupted the Windows OS kernel, leading to a widespread Blue Screen of Death (<a href=\"https:\/\/en.wikipedia.org\/wiki\/Blue_screen_of_death\" target=\"_blank\" rel=\"noopener\">BSOD<\/a>).<\/p>\n<p>The incident spurred opportunistic behaviors among scammers and malware creators. McAfee Labs noted:<\/p>\n<ul>\n<li><strong>Non-Delivery Scams: <\/strong>Early signs of potential non-delivery scams shortly after the event, with some online stores quickly marketing merchandise that mocked the CrowdStrike incident.<\/li>\n<li><strong>Domain Spoofing:<\/strong> A noticeable surge in domain registrations containing the term \u201cCrowdStrike\u201d following the onset of the outage, there was Scammers may register domain names to trick people into thinking the site is related to a legitimate or familiar company, to deceive users into visiting the site for phishing attacks, spreading malware, or collecting sensitive information.<\/li>\n<li><strong>Malware: <\/strong>Malware developers swiftly disguised harmful software like Remcos, Wiper, and Stealers as remediation tools for the outage. Unsuspecting people may have downloaded this software in an effort to restore their systems.<\/li>\n<\/ul>\n<p><strong>Voice Scams:<\/strong> There were also reports of robocalls offering assistance for these issues, though these claims have not been verified by McAfee.<\/p>\n<p>It\u2019s important to note that Mac and Linux users were unaffected by this incident, as the problems were confined to Windows systems. Furthermore, since CrowdStrike primarily serves the enterprise market, the crashes predominantly affected business services rather than personal consumer systems. However, the ripple effects of the disruption may have caused inconvenience for consumers dealing with affected service providers, and all consumers should be extra vigilant regarding unsolicited communications from sources claiming to be an impacted business.<\/p>\n<p>This blog outlines the various malware threats and scams observed since the outage occurred on Friday, July 19, 2024.<\/p>\n<h2><strong>CrowdStrike Themed Malware<\/strong><\/h2>\n<ul>\n<li>Stealer payload via doc-based Macros<\/li>\n<\/ul>\n<p>This file, which seems to provide recovery guidelines, covertly incorporates a macro that silently installs malware designed to steal information.<\/p>\n<p><center><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-197786 size-full\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure1.jpg\" alt=\"\" width=\"610\" height=\"771\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure1.jpg 610w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure1-237x300.jpg 237w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure1-102x129.jpg 102w\" sizes=\"auto, (max-width: 610px) 100vw, 610px\" \/><\/center><\/p>\n<p style=\"text-align: center;\"><em>Malicious doc first page<\/em><\/p>\n<p><strong><em>Infection Chain<\/em><\/strong><\/p>\n<p>Zip -&gt; Doc -&gt; Cmd.exe -&gt; Curl.exe -&gt; Malicious URL -&gt; Rundll32.exe -&gt; Infostealer DLL payload<\/p>\n<p>Doc file uses malicious macros, Curl.exe and Certutil.exe to download malicious infostealer DLL payload.<\/p>\n<p>The stealer terminates all running Browser processes and then tries to steal login data and coolies from different browsers. All the stolen data is saved under %Temp% folder in a text file. This data is sent to the attacker&#8217;s C2 server.<\/p>\n<ul>\n<li>PDF file downloading Wiper Malware<\/li>\n<\/ul>\n<p>Attackers use a PDF file and malicious spam to trick victims into downloading a supposed recovery tool. Clicking the provided link connects to a malicious URL, which then downloads a Wiper malware payload. This data wiper is extracted under %Temp% folder and its main purpose is to destroy data stored on the victim&#8217;s device.<\/p>\n<p><center><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-197801 size-full\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure2.jpg\" alt=\"\" width=\"718\" height=\"800\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure2.jpg 718w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure2-269x300.jpg 269w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure2-116x129.jpg 116w\" sizes=\"auto, (max-width: 718px) 100vw, 718px\" \/><\/center><\/p>\n<p style=\"text-align: center;\"><em>PDF file with CrowdStrike remediation tool theme<\/em><\/p>\n<p><strong><em>Infection Chain<\/em><\/strong><\/p>\n<p>PDF -&gt; Malicious URL -&gt; Zip -&gt; Wiper payload<\/p>\n<ul>\n<li>Remcos RAT delivered with CrowdStrike Fix theme<\/li>\n<\/ul>\n<p>Zip files labeled \u201ccrowdstrike-hotfix.zip\u201d that carry Hijack Loader malware, which then deploys Remcos RAT, have been observed being distributed to victims. Additionally, the zip file includes a text file with instructions on how to execute the .exe file to resolve the issue.<\/p>\n<p>Remcos RAT allows attackers to take remote access to the victim&#8217;s machine and steal sensitive information from their system.<\/p>\n<h2>CrowdStrike Outage Impersonated Domains &amp; URLs<\/h2>\n<p>Once the outage gained media attention, numerous domains containing the word &#8220;crowdstrike&#8221; were registered, aimed at manipulating search engine results. Over the weekend, several of these newly registered domains became active.<\/p>\n<p>Here are some examples:<\/p>\n<ul>\n<li>Payment related domains<\/li>\n<\/ul>\n<p><em>https[:]\/\/pay.crowdstrikerecovery[.]com\/<\/em><em>\u00a0<\/em><em>, pay[.]clown-strike[.]com<\/em><em>\u00a0<\/em><em>, pay[.]strikeralliance[.]com<\/em><\/p>\n<p><em><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-197816 size-full\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure3.jpg\" alt=\"\" width=\"882\" height=\"928\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure3.jpg 882w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure3-285x300.jpg 285w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure3-768x808.jpg 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure3-123x129.jpg 123w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure3-24x24.jpg 24w\" sizes=\"auto, (max-width: 882px) 100vw, 882px\" \/><br \/>\n<\/em><\/p>\n<p style=\"text-align: center;\"><em>The rogue domains lead to the payments page<\/em><\/p>\n<ul>\n<li>Parked domains<\/li>\n<\/ul>\n<p><em>Crowdstrike-helpdesk[.]com<\/em><\/p>\n<p><center><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-197831 size-full\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure4.jpg\" alt=\"\" width=\"969\" height=\"923\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure4.jpg 969w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure4-300x286.jpg 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure4-768x732.jpg 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure4-135x129.jpg 135w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure4-24x24.jpg 24w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/><\/center><\/p>\n<p style=\"text-align: center;\"><em>Domains that are currently parked and not live<\/em><\/p>\n<ul>\n<li>Additionally, numerous cryptocurrency wallets were established using a theme inspired by CrowdStrike.<\/li>\n<\/ul>\n<p><center><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-197846 size-full\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure5.JPG.png\" alt=\"\" width=\"780\" height=\"654\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure5.JPG.png 780w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure5.JPG-300x252.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure5.JPG-768x644.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/07\/Figure5.JPG-154x129.png 154w\" sizes=\"auto, (max-width: 780px) 100vw, 780px\" \/><\/center><\/p>\n<p style=\"text-align: center;\"><em>twitter[.]com\/CrowdStrikeETH\/<\/em><\/p>\n<p>Some other wallets related to CrowdStrike Outage apart from above mentioned.<\/p>\n<p>bitcoin:1M8jsPNgELuoXXXXXXXXXXXyDNvaxXLsoT<\/p>\n<p>ethereum:0x1AEAe8c6XXXXXXXXXXX76ac49bb3816A4eB4455b<\/p>\n<p>To summarize, the majority of consumers using devices at home might not be directly affected by this incident. However, if you have experienced issues such as airline delays, banking disruptions, healthcare, or similar service interruptions since July 19th, they could be related to this event.<\/p>\n<p>Be wary if you receive phone calls, SMS messages, emails, or any form of contact offering assistance to remedy this situation. Unless you operate a business that uses CrowdStrike, you are likely not affected.<\/p>\n<p>For the remediation process and steps follow the official article from CrowdStrike &#8211; <a href=\"https:\/\/www.crowdstrike.com\/falcon-content-update-remediation-and-guidance-hub\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.crowdstrike.com\/falcon-content-update-remediation-and-guidance-hub\/<\/a><\/p>\n<p>List of known malware hashes and potentially unwanted domains:<\/p>\n<table width=\"664\">\n<tbody>\n<tr>\n<td width=\"481\"><strong>Hashes<\/strong><\/td>\n<td width=\"183\"><strong>Type<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"481\">96dec6e07229201a02f538310815c695cf6147c548ff1c6a0def2fe38f3dcbc8<\/td>\n<td width=\"183\">Wiper Zip<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61<\/td>\n<td width=\"183\">Stealer Docx<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">c44506fe6e1ede5a104008755abf5b6ace51f1a84ad656a2dccc7f2c39c0eca2<\/td>\n<td width=\"183\">RemcosRAT Zip<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0<\/td>\n<td width=\"183\">Wiper PDF<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">d6d5ff8e9dc6d2b195a6715280c2f1ba471048a7ce68d256040672b801fda0ea<\/td>\n<td width=\"183\">RemcosRAT DLL<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">4491901eff338ab52c85a77a3fbd3ce80fda738046ee3b7da7be468da5b331a3<\/td>\n<td width=\"183\">Wiper EXE<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<table width=\"481\">\n<tbody>\n<tr>\n<td width=\"481\"><strong>Domains<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxps:\/\/crowdstrike0day[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxps:\/\/crowdstrikefix[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxps:\/\/crowdstrike-bsod[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxps:\/\/crowdstrikedoomsday[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxps:\/\/crowdstrikedown[.]site<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxps:\/\/www[.]crowdstriketoken[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxps:\/\/crowdstriketoken[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxps:\/\/crowdstrikebsod[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxps:\/\/fix-crowdstrike-apocalypse[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdfalcon-immed-update[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrikefix[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/fix-crowdstrike-apocalypse[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxps:\/\/crowdstrike[.]phpartners[.]org<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxps:\/\/www[.]crowdstrikefix[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrikebsod[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrikeclaim[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrikeupdate[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrike[.]buzz<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrike0day[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrike-bsod[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrikedoomsday[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrikedown[.]site<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrikefix[.]zip<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrike-helpdesk[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrikeoutage[.]info<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstrikereport[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstriketoken[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/crowdstuck[.]org<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/fix-crowdstrike-bsod[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/microsoftcrowdstrike[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/microsoftcrowdstrike[.]com\/<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/whatiscrowdstrike[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"481\">hxxp:\/\/www[.]crowdstrikefix[.]com<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authored by Lakshya Mathur, Vallabh Chole &amp; Abhishek Karnik Recently we witnessed one of the most significant IT disruptions in&#8230;<\/p>\n","protected":false},"author":695,"featured_media":190932,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[4136],"class_list":["post-197785","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Scam Strikes Back: Exploiting the CrowdStrike Outage | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Authored by Lakshya Mathur, Vallabh Chole &amp; Abhishek Karnik Recently we witnessed one of the most significant IT disruptions in history, affecting a\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Scam Strikes Back: Exploiting the CrowdStrike Outage | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Authored by Lakshya Mathur, Vallabh Chole &amp; Abhishek Karnik Recently we witnessed one of the most significant IT disruptions in history, affecting a\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-30T10:00:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/04\/300x200_Blog_021323.png\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee_Labs\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee Labs\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/\"},\"author\":{\"name\":\"McAfee Labs\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\"},\"headline\":\"The Scam Strikes Back: Exploiting the CrowdStrike Outage\",\"datePublished\":\"2024-07-30T10:00:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/\"},\"wordCount\":1025,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/04\/300x200_Blog_021323.png\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/\",\"name\":\"The Scam Strikes Back: Exploiting the CrowdStrike Outage | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/04\/300x200_Blog_021323.png\",\"datePublished\":\"2024-07-30T10:00:04+00:00\",\"description\":\"Authored by Lakshya Mathur, Vallabh Chole &amp; Abhishek Karnik Recently we witnessed one of the most significant IT disruptions in history, affecting a\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/04\/300x200_Blog_021323.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/04\/300x200_Blog_021323.png\",\"width\":300,\"height\":200},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"The Scam Strikes Back: Exploiting the CrowdStrike Outage\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\",\"name\":\"McAfee Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"caption\":\"McAfee Labs\"},\"description\":\"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee_Labs\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Scam Strikes Back: Exploiting the CrowdStrike Outage | McAfee Blog","description":"Authored by Lakshya Mathur, Vallabh Chole &amp; Abhishek Karnik Recently we witnessed one of the most significant IT disruptions in history, affecting a","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"The Scam Strikes Back: Exploiting the CrowdStrike Outage | McAfee Blog","og_description":"Authored by Lakshya Mathur, Vallabh Chole &amp; Abhishek Karnik Recently we witnessed one of the most significant IT disruptions in history, affecting a","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2024-07-30T10:00:04+00:00","og_image":[{"width":300,"height":200,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/04\/300x200_Blog_021323.png","type":"image\/png"}],"author":"McAfee Labs","twitter_card":"summary_large_image","twitter_creator":"@McAfee_Labs","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee Labs","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/"},"author":{"name":"McAfee Labs","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad"},"headline":"The Scam Strikes Back: Exploiting the CrowdStrike Outage","datePublished":"2024-07-30T10:00:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/"},"wordCount":1025,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/04\/300x200_Blog_021323.png","articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/","name":"The Scam Strikes Back: Exploiting the CrowdStrike Outage | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/04\/300x200_Blog_021323.png","datePublished":"2024-07-30T10:00:04+00:00","description":"Authored by Lakshya Mathur, Vallabh Chole &amp; Abhishek Karnik Recently we witnessed one of the most significant IT disruptions in history, affecting a","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/04\/300x200_Blog_021323.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/04\/300x200_Blog_021323.png","width":300,"height":200},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/the-scam-strikes-back-exploiting-the-crowdstrike-outage\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"The Scam Strikes Back: Exploiting the CrowdStrike Outage"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad","name":"McAfee Labs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","caption":"McAfee Labs"},"description":"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.","sameAs":["https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee_Labs"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/197785","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/695"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=197785"}],"version-history":[{"count":4,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/197785\/revisions"}],"predecessor-version":[{"id":197864,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/197785\/revisions\/197864"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/190932"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=197785"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=197785"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=197785"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=197785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}