Wednesday, February 12, 2025

CrowdStrike Update Crashes Windows Systems Worldwide

Businesses worldwide faced significant disruptions as a recent CrowdStrike update caused Windows workstations to crash, leading to the infamous “blue screen of death.” CrowdStrike acknowledged the issue and assured users that a patch had been deployed to fix the problem in its Falcon Sensor product. CEO George Kurtz emphasized that this was not a security incident or cyberattack, and Mac and Linux hosts were unaffected.

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.”

Users experiencing issues are advised to boot Windows in Safe Mode or the Windows Recovery Environment, navigate to the C:\Windows\System32\drivers\CrowdStrike directory, delete the file matching “C-00000291*.sys”, and restart their systems. The update also impacted Google Cloud Compute Engine, causing Windows virtual machines to crash and reboot unexpectedly.

APT41 Targets Multiple Industries in Spain, Taiwan, U.K., and Turkey

The China-based APT41 hacking group has intensified its activities, targeting technological, media, shipping, and logistics industries in Thailand, Taiwan, Spain, the U.K., and Italy. According to Google-owned Mandiant, APT41’s use of non-public malware typically reserved for espionage operations sets it apart from other China-nexus actors. The group has maintained unauthorized access to numerous victims’ networks since 2023, extracting sensitive data over extended periods. Their attack chain involves web shells (ANTSWORD and BLUEBEAM), custom droppers (DUSTPAN and DUSTTRAP), and publicly available tools (SQLULDR2 and PINEGROVE) to achieve persistence, deliver payloads, and exfiltrate data.

Russian Nationals Plead Guilty in LockBit Ransomware Attacks

Two Russian nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, have pleaded guilty in a U.S. court for their involvement in ransomware attacks linked to the notorious LockBit ransomware group. The U.S. Department of Justice reported that Vasiliev and Astamirov infiltrated vulnerable computers, deployed LockBit ransomware, and stole and encrypted data. Astamirov, also known as BETTERPAY, offtitan, and Eastfarmer, operated in Virginia, Japan, France, Scotland, and Kenya, receiving $1.9 million in ransom between 2020 and 2023. He faces up to 25 years in prison. Vasiliev, known as Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwater99, and Newwave110, targeted businesses in New Jersey, Michigan, the U.K., and Switzerland, deploying ransomware against 12 businesses.

Security Breach Results in WazirX Losing $230 Million in Cryptocurrency Assets

Indian cryptocurrency exchange WazirX has confirmed the theft of $230 million in cryptocurrency assets from one of its wallets. The company stated, “A cyber attack occurred in one of our [multi-signature] wallets, resulting in a loss of funds exceeding $230 million. This wallet was operated utilizing the services of Liminal’s digital asset custody and wallet infrastructure since February 2023.”

The breach has elicited significant reactions from both individuals and companies. Liminal, a crypto custody firm and one of the six signatories on the compromised wallet, revealed that their investigation pointed to a self-custody multi-sig smart contract wallet created outside of the Liminal ecosystem as the source of the compromise. In a subsequent statement, Liminal assured the public of the security of all WazirX wallets created on their platform.
