Tuesday Aug 20, 2024
Hunting the Rogue Insiders Operating for FAMOUS CHOLLIMA
FAMOUS CHOLLIMA, a new adversary CrowdStrike is tracking, has recently made headlines for its insider threat activity. In April 2024, CrowdStrike Services responded to the first of several incidents in which FAMOUS CHOLLIMA threat actors targeted 30+ US-based companies. The insiders claimed to be US residents and were hired for remote IT positions, which granted them access they exploited to attempt data exfiltration, install malware and conduct other malicious activity. CrowdStrike has now informed more than 100 companies they have hired these threat actors as employees.
In this episode, Adam and Cristian dig into the details of who FAMOUS CHOLLIMA is, how this attack was uncovered and why malicious insider threats are on the rise. They also examine the key findings of the CrowdStrike 2024 Threat Hunting Report, including the growth of cross-domain activity, adversary adoption of remote monitoring and management tools, and the concerning pattern of identity-focused attacks.
Download the CrowdStrike 2024 Threat Hunting Report today: https://www.crowdstrike.com/resources/reports/threat-hunting-report/