Rapid Response Status Page
Identified - Dear Customers,

Axon is aware that multiple threat actor groups are exploiting the chaos and panic within organizations caused by the ongoing CrowdStrike outage incident.

Our analysis has identified several ongoing malicious campaigns, including:
* Phishing and adware campaigns aimed at fraud and credential theft.
* Malware campaigns delivered via email targeting employees and IT personnel.
* Fraudulent groups impersonating CrowdStrike in phone calls to IT personnel in order to install remote tools or steal money.


Over the past day, our team has been continuously monitoring and hunting for IOCs based on our intelligence sources. Affected customers will be notified directly. In addition, the IOCs have been added to the Axon IOCs feed to allow future tracking with the Hunters platform.

The appendix containing the current IOCs can be found on our RR GitHub page: https://github.com/axon-git/rapid-response/blob/main/CrowdStrike%20July%20Outage%20(C-00000291)/threat_iocs_cs_outage_breach_200724.txt


Please do not hesitate to reach out if you have any questions.

Yours,
Team Axon

Jul 20, 2024 - 11:23 UTC
Rapid Response: Partial Outage (98.72 % uptime over the past 90 days)
Past Incidents
Jul 21, 2024

No incidents reported today.

Jul 20, 2024

Unresolved incident: CrowdStrike July Outage (C-00000291) - Update.

Jul 19, 2024
Resolved - This incident has been resolved.
Jul 19, 10:42 UTC
Identified - Dear Customers,

Team Axon is aware of the significant outage affecting Windows machines with CrowdStrike EDR agents, caused by a driver update.
To assist with scoping the impact, we have created a dedicated SQL query and visibility dashboard for our CrowdStrike customers.

1. Visibility dashboard: The dashboard “CrowdStrike July Outage (C-00000291) Visibility Dashboard” is available from the Hunters platform --> “Data” --> “Visibility” page.

2. Visibility query: The dashboard helps identify affected machines by checking for LFODownloadConfirmation events, which indicate when a specific CrowdStrike-related driver (C-00000291) has been downloaded from CrowdStrike's servers. Additionally, the query detects if the driver file has been deleted by correlating the download with deletion events. You can find the query on Axon’s RR GitHub: https://github.com/axon-git/rapid-response/blob/main/CrowdStrike%20July%20Outage%20(C-00000291)/crowdstrike_july_outage_c-00000291_visibility_query.sql


Yours,

Team Axon

Jul 19, 10:27 UTC
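
The correlation described for the visibility query in the Jul 19 notice, sketched in Python as an added example; it is not Axon's SQL query and does not reflect the Hunters schema. Only `LFODownloadConfirmation` and `C-00000291` come from the notice; the field names, the `FileDeleted` event name, and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime

DRIVER_ID = "C-00000291"                     # identifier taken from the notice
DOWNLOAD_EVENT = "LFODownloadConfirmation"   # event name taken from the notice
DELETE_EVENT = "FileDeleted"                 # hypothetical deletion event name

# Constructed sample telemetry; field names and file names are assumptions.
F = "C-00000291-0001.sys"
SAMPLE_EVENTS = [
    {"host": "ws-001", "event": DOWNLOAD_EVENT, "file": F, "ts": "2024-07-19T04:10:00"},
    {"host": "ws-001", "event": DELETE_EVENT, "file": F, "ts": "2024-07-19T09:30:00"},
    {"host": "ws-002", "event": DOWNLOAD_EVENT, "file": F, "ts": "2024-07-19T04:12:00"},
    # Deleted once, then downloaded again: the earlier deletion must not count.
    {"host": "ws-003", "event": DOWNLOAD_EVENT, "file": F, "ts": "2024-07-19T04:11:00"},
    {"host": "ws-003", "event": DELETE_EVENT, "file": F, "ts": "2024-07-19T05:00:00"},
    {"host": "ws-003", "event": DOWNLOAD_EVENT, "file": F, "ts": "2024-07-19T05:30:00"},
    # Unrelated file: out of scope for this incident.
    {"host": "ws-004", "event": DOWNLOAD_EVENT, "file": "C-00000123-0001.sys",
     "ts": "2024-07-19T04:15:00"},
]


def scope_hosts(events):
    """Return {host: status} for every host that downloaded the driver."""
    downloads, deletions = {}, {}
    for e in events:
        if DRIVER_ID not in e["file"]:
            continue  # ignore events about other files
        ts = datetime.fromisoformat(e["ts"])
        host = e["host"]
        if e["event"] == DOWNLOAD_EVENT:
            downloads[host] = max(ts, downloads.get(host, ts))  # latest download
        elif e["event"] == DELETE_EVENT:
            deletions[host] = max(ts, deletions.get(host, ts))  # latest deletion
    result = {}
    for host, downloaded_at in downloads.items():
        deleted_at = deletions.get(host)
        # A deletion only counts when it follows the most recent download.
        if deleted_at is not None and deleted_at >= downloaded_at:
            result[host] = "downloaded_then_deleted"
        else:
            result[host] = "downloaded_not_deleted"
    return result


if __name__ == "__main__":
    for host, status in sorted(scope_hosts(SAMPLE_EVENTS).items()):
        print(host, status)
```

Hosts reported as `downloaded_not_deleted` are the ones to prioritise when scoping, since the file is still expected to be present on them.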
Jul 18, 2024

No incidents reported.

Jul 17, 2024

No incidents reported.

Jul 16, 2024

No incidents reported.

Jul 15, 2024

No incidents reported.

Jul 14, 2024

No incidents reported.

Jul 13, 2024

No incidents reported.

Jul 12, 2024

No incidents reported.

Jul 11, 2024

No incidents reported.

Jul 10, 2024

No incidents reported.

Jul 9, 2024

No incidents reported.

Jul 8, 2024

No incidents reported.

Jul 7, 2024

No incidents reported.