Hunting the Rogue Insiders Operating for FAMOUS CHOLLIMA

FAMOUS CHOLLIMA, a new adversary CrowdStrike is tracking, has recently made headlines for its insider threat activity. In April 2024, CrowdStrike Services responded to the first of several incidents in which FAMOUS CHOLLIMA threat actors targeted 30+ US-based companies. The insiders claimed to be US residents and were hired for remote IT positions, which granted them access they exploited to attempt data exfiltration, install malware and conduct other malicious activity. CrowdStrike has now informed more than 100 companies they have hired these threat actors as employees. In this episode, Adam and Cristian dig into the details of who FAMOUS CHOLLIMA is, how this attack was uncovered and why malicious insider threats are on the rise. They also examine the key findings of the CrowdStrike 2024 Threat Hunting Report, including the growth of cross-domain activity, adversary adoption of remote monitoring and management tools, and the concerning pattern of identity-focused attacks. Download the CrowdStrike 2024 Threat Hunting Report today: https://www.crowdstrike.com/resources/reports/threat-hunting-report/

Om Podcasten

Modern adversaries are relentless. Today’s threat actors target organizations around the world with sophisticated cyberattacks. Who are they? What are they after? And most importantly, how can you defend against them? Welcome to the Adversary Universe podcast, where CrowdStrike answers all of these questions — and more. Join our hosts, a pioneer in adversary intelligence and a specialist in cybersecurity technology, as they unmask the threat actors targeting your organization.