In the past six months, the U.S. and Israel made up 60 percent of APT42’s known geographic targeting, according to new research.
The attack’s abuse of Cloudflare Tunnels is part of an overall increase in malware delivery via this vector, said researchers.
The CrowdStrike Falcon update issue has become an attractive lure for cybercrime groups as affected organizations continue work to recover from the outage.
In a Friday statement, CISA said that it has observed threat actors taking advantage of the massive global outages, linked to a faulty CrowdStrike update, for phishing “and other malicious activity.”
In order to convince LastPass users to hand over their passwords, attackers used a mix of phone calls, phishing emails and a phishing page under the domain “help-lastpass[.]com,” which has since been taken down.