Breach cyber

CrowdStrike

Jan 11, 2025 1 min read
CrowdStrike

On January 7, 2025, CrowdStrike fell victim to a sophisticated phishing campaign that abused its recruitment branding, leading potential job applicants to inadvertently install a cryptominer, specifically the XMRig. The attackers crafted convincing phishing emails, promising the prospects a junior developer position and directing them to a fraudulent website. This site offered a fake 'employee CRM application,' which was, in reality, malware in the guise of a Windows executable. The attackers included evasion techniques to avoid detection, and upon passing these checks, the malware proceeded to use the victim's resources to mine cryptocurrency. This not only misused the company's resources but also possibly damaged its reputation among potential job applicants.

Source: https://securityaffairs.com/172900/cyber-crime/crowdstrike-phishing-campaign-recruitment-branding.html

"id": "cro000011125",
"linkid": "crowdstrike",
"type": "Breach",
"date": "1/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

US Treasury

public 1 min read
The US Treasury Department experienced a security breach where attackers exploited vulnerabilities in BeyondTrust's remote tech support software,…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.