TLDR:
- A North Korean group infiltrated over 100 companies by posing as American IT workers, attempting data exfiltration and installing remote monitoring and management (RMM) tools.
- CrowdStrike releases its 2024 Threat Hunting Report, highlighting the need for cross-domain analysis in detecting identity-based attacks.
- The report includes case studies of Famous Chollima and Scattered Spider, showcasing the power of cross-domain threat hunting.
- CrowdStrike warns of an increase in interactive intrusions, particularly in eCrime activity, and predicts spikes in threat activity in the seasons ahead.
Cybersecurity giant CrowdStrike faced a major IT outage that led to financial losses and lawsuits. Despite this, the company continued its threat detection work and released the 2024 Threat Hunting Report focusing on emerging trends and top threat actors.
Among the report’s case studies, the most daring involves the group Famous Chollima, a North Korean entity that infiltrated multiple US-based companies by posing as American IT workers. CrowdStrike’s team discovered the group’s attempts to exfiltrate data and install RMM tools, highlighting the need for cross-domain analysis in threat hunting.
Another case study, on Scattered Spider, showcases the importance of cross-domain threat hunting in detecting intrusions that span different operating domains. CrowdStrike’s report warns of an increase in interactive intrusions and eCrime activity, urging companies to be vigilant.
CrowdStrike’s SVP of counter adversary operations emphasizes the importance of cross-domain analysis in identifying sophisticated threats that involve identity-based attacks. By looking at clues across different domains, threat hunters can better catch intrusions and protect organizations from cyber threats.
The report predicts spikes in threat activity during Q3 and Q4, emphasizing the need for companies to invest in the right technology and proactive threat hunting measures.