CrowdStrike

CrowdStrike was co-founded in 2011 by George Kurtz (CEO), Dmitri Alperovitch (former CTO), and Gregg Marston (CFO, retired).{{Cite web|url=https://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/|title=In conversation with George Kurtz, CEO of CrowdStrike|website=Fortune|language=en|access-date=1 July 2019|archive-date=1 July 2019|archive-url=https://web.archive.org/web/20190701225427/https://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/|url-status=live}}{{Cite web|url=https://www.bloomberg.com/profile/person/17185150?sref=eMecddu3|title=Bloomberg – Dmitri Alperovitch|website=www.bloomberg.com|access-date=14 February 2020|archive-date=14 July 2020|archive-url=https://web.archive.org/web/20200714191756/https://www.bloomberg.com/profile/person/17185150?sref=eMecddu3|url-status=live}}{{cite news|url=http://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/|title=Standing up at the gates of hell: CrowdStrike CEO George Kurtz|date=29 July 2015|work=Fortune|access-date=10 June 2016|archive-date=29 May 2016|archive-url=https://web.archive.org/web/20160529191620/http://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/|url-status=live}}{{Cite web|url=https://www.inc.com/cameron-albert-deitch/crowdstrike-cybersecurity-unicorn-ipo.html|title=CrowdStrike, the $3.4 Billion Startup That Fought Russian Spies in 2016, Just Filed for an IPO|last=Albert-Deitch|first=Cameron|date=15 May 2019|website=Inc.com|access-date=1 July 2019|archive-date=3 June 2019|archive-url=https://web.archive.org/web/20190603200440/https://www.inc.com/cameron-albert-deitch/crowdstrike-cybersecurity-unicorn-ipo.html|url-status=live}} The following year, they hired Shawn Henry, a former Federal Bureau of Investigation (FBI) official, to lead the subsidiary CrowdStrike Services, Inc., which offered security and response services.{{cite web |last1=Ragan |first1=Steve |title=Former FBI Exec to Head CrowdStrike Services |url=https://www.securityweek.com/former-fbi-exec-head-crowdstrike-services |access-date=13 December 2020 |work=SecurityWeek |date=23 April 2012 |archive-date=20 January 2021 |archive-url=https://web.archive.org/web/20210120063405/https://www.securityweek.com/former-fbi-exec-head-crowdstrike-services |url-status=live }}{{cite web|url=https://www.networkworld.com/article/708534/malware-cybercrime-top-fbi-cyber-cop-joins-startup-crowdstrike-to-fight-enterprise-intrusions.html|title=Top FBI cyber cop joins startup CrowdStrike to fight enterprise intrusions|first=Ellen|last=Messmer|date=18 April 2012 |publisher=Network World|access-date=10 June 2016|archive-date=8 March 2024|archive-url=https://web.archive.org/web/20240308153855/https://www.networkworld.com/article/708534/malware-cybercrime-top-fbi-cyber-cop-joins-startup-crowdstrike-to-fight-enterprise-intrusions.html|url-status=live}} The company launched CrowdStrike Falcon, an antivirus package, as its first product in June 2013.{{Cite web|url=https://www.networkworld.com/article/2168251/start-up-tackles-advanced-persistent-threats-on-microsoft--apple-computers.html|title=Start-up tackles advanced persistent threats on Microsoft, Apple computers|last=Messmer|first=Ellen|date=18 June 2013|website=Network World|language=en|access-date=1 July 2019|archive-date=17 May 2019|archive-url=https://web.archive.org/web/20190517002912/https://www.networkworld.com/article/2168251/start-up-tackles-advanced-persistent-threats-on-microsoft--apple-computers.html|url-status=live}}{{Cite news|url=https://www.reuters.com/assets/print?aid=USKBN0N41PT20150413|title=U.S. firm CrowdStrike claims success in deterring Chinese hackers|date=13 April 2015|newspaper=Reuters|access-date=14 June 2016|archive-date=12 November 2017|archive-url=https://web.archive.org/web/20171112131754/https://www.reuters.com/assets/print?aid=USKBN0N41PT20150413|url-status=live}}

In May 2014, CrowdStrike's reports helped the United States Department of Justice to charge five Chinese military hackers with economic cyber espionage against U.S. corporations.{{Cite news|last=Gorman|first=Devlin Barrett and Siobhan|url=https://www.wsj.com/articles/u-s-justice-department-to-charge-chinese-army-workers-hacked-u-s-firms-1400499708|title=U.S. Charges Five in Chinese Army With Hacking|date=20 May 2014|work=Wall Street Journal|access-date=14 February 2020|language=en-US|issn=0099-9660|archive-date=15 February 2020|archive-url=https://web.archive.org/web/20200215052007/https://www.wsj.com/articles/u-s-justice-department-to-charge-chinese-army-workers-hacked-u-s-firms-1400499708|url-status=live}} CrowdStrike also uncovered the activities of Energetic Bear, a group connected to Russia's Federal Security Service that conducted intelligence operations against global targets, primarily in the energy sector.{{Cite web|url=https://www.cyberscoop.com/us-nuclear-hack-russia-energetic-bear-fireeye-phishing-watering-hole/|title=The old foe, new attack and unsolved mystery in the recent U.S. energy sector hacking campaign|date=12 July 2017|website=CyberScoop|language=en|access-date=14 February 2020|archive-date=24 September 2019|archive-url=https://web.archive.org/web/20190924072304/https://www.cyberscoop.com/us-nuclear-hack-russia-energetic-bear-fireeye-phishing-watering-hole/|url-status=live}}

After the Sony Pictures hack, CrowdStrike uncovered evidence implicating the government of North Korea and demonstrated how the attack was carried out.{{Cite web|url=http://www.pcworld.com/article/2885592/whats-in-a-typo-more-evidence-tying-north-korea-to-the-sony-hack.html|title=What's in a typo? More evidence tying North Korea to the Sony hack|website=PCWorld|access-date=14 June 2016|archive-date=19 August 2016|archive-url=https://web.archive.org/web/20160819051957/http://www.pcworld.com/article/2885592/whats-in-a-typo-more-evidence-tying-north-korea-to-the-sony-hack.html|url-status=live}} In 2014, CrowdStrike helped identify members of Putter Panda, the state-sponsored Chinese group of hackers also known as PLA Unit 61486.{{Cite news|url=https://www.nytimes.com/2014/06/10/technology/private-report-further-details-chinese-cyberattacks.html?pagewanted=print|title=2nd China Army Unit Implicated in Online Spying|last=Perlroth|first=Nicole|date=9 June 2014|newspaper=The New York Times|access-date=14 June 2016|issn=0362-4331|archive-date=12 November 2017|archive-url=https://web.archive.org/web/20171112074612/https://www.nytimes.com/2014/06/10/technology/private-report-further-details-chinese-cyberattacks.html?pagewanted=print|url-status=live}}{{Cite news|url=http://www.ft.com/intl/cms/s/0/3a1652ce-f027-11e3-9b4c-00144feabdc0.html|title=Second China unit accused of cyber crime|date=10 June 2014|work=Financial Times|access-date=10 June 2014}}

In May 2015, the company released information about VENOM, a critical flaw in an open-source hypervisor called Quick Emulator (QEMU) that allowed attackers to access sensitive personal information.{{Cite web|url=http://fortune.com/2015/05/13/venom-vulnerability/|title='Venom' vulnerability: Serious computer bug shatters cloud security|date=13 May 2015|website=Fortune|access-date=14 June 2016|archive-date=25 April 2016|archive-url=https://web.archive.org/web/20160425105322/http://fortune.com/2015/05/13/venom-vulnerability/|url-status=live}}{{Cite web|url=https://arstechnica.com/information-technology/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/|title=Extremely serious virtual machine bug threatens cloud providers everywhere|last=Goodin|first=Dan|date=13 May 2015|website=Ars Technica|language=en-us|access-date=1 July 2019|archive-date=22 June 2019|archive-url=https://web.archive.org/web/20190622131725/https://arstechnica.com/information-technology/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/|url-status=live}} In October 2015, CrowdStrike announced that it had identified Chinese hackers attacking technology and pharmaceutical companies around the time that U.S. President Barack Obama and China's leader Xi Jinping publicly agreed not to conduct economic espionage against each other. The alleged hacking would have been in violation of that agreement.{{Cite news|url=https://www.wsj.com/articles/report-warns-of-chinese-hacking-1445227440|title=Report Warns of Chinese Hacking|last=Yadron|first=Danny|newspaper=Wall Street Journal|date=19 October 2015 |language=en-US|access-date=1 July 2019|archive-date=17 May 2019|archive-url=https://web.archive.org/web/20190517002912/https://www.wsj.com/articles/report-warns-of-chinese-hacking-1445227440|url-status=live}}

In July 2015, Google invested in the company's Series C funding round, which was followed by Series D and Series E, raising a total of $480 million as of May 2019.{{Cite web|url=https://www.crn.com/news/security/300085371/crowdstrike-lands-100m-funding-round-looks-to-expand-globally-and-invest-in-partners.htm|title=Crowdstrike Lands $100M Funding Round, Looks To Expand Globally And Invest In Partners|last=Kuranda|first=Sarah|date=17 May 2017|website=CRN|access-date=1 July 2019|archive-date=3 June 2019|archive-url=https://web.archive.org/web/20190603145818/https://www.crn.com/news/security/300085371/crowdstrike-lands-100m-funding-round-looks-to-expand-globally-and-invest-in-partners.htm|url-status=live}}{{Cite web|url=https://venturebeat.com/2018/06/19/cybersecurity-startup-crowdstrike-raises-200-million-at-3-billion-valuation/|title=Cybersecurity startup CrowdStrike raises $200 million at $3 billion valuation|date=19 June 2018|website=VentureBeat|language=en-US|access-date=1 July 2019|archive-date=3 June 2019|archive-url=https://web.archive.org/web/20190603145815/https://venturebeat.com/2018/06/19/cybersecurity-startup-crowdstrike-raises-200-million-at-3-billion-valuation/|url-status=live}}{{Cite web|url=https://www.bizjournals.com/sanjose/news/2019/05/31/crowdstrike-ipo-biggest-cybersecurity-companies.html|title=CrowdStrike may top these 6 biggest-ever U.S. security IPOs next month|website=www.bizjournals.com|access-date=24 February 2020|archive-date=28 April 2020|archive-url=https://web.archive.org/web/20200428021535/https://www.bizjournals.com/sanjose/news/2019/05/31/crowdstrike-ipo-biggest-cybersecurity-companies.html|url-status=live}}

In 2017, the company reached a valuation of more than $1 billion with an estimated annual revenue of $100 million.{{Cite magazine |last=Hackett |first=Robert |date=17 May 2017 |title=Hack Investigator CrowdStrike Reaches $1 Billion Valuation |url=https://fortune.com/2017/05/17/hack-crowdstrike-billion/ |url-status=live |archive-url=https://web.archive.org/web/20190701125832/https://fortune.com/2017/05/17/hack-crowdstrike-billion/ |archive-date=1 July 2019 |access-date=9 June 2017 |magazine=FORTUNE}} In June 2018, the company said it was valued at more than $3 billion. Investors include Telstra, March Capital Partners, Rackspace, Accel Partners and Warburg Pincus.{{Cite web|url=https://techcrunch.com/2015/07/13/security-company-crowdstrike-scores-100m-led-by-google-capital/|title=Security Company CrowdStrike Scores $100M Led By Google Capital|website=TechCrunch|date=13 July 2015 |language=en-US|access-date=1 July 2019|archive-date=4 April 2019|archive-url=https://web.archive.org/web/20190404062231/https://techcrunch.com/2015/07/13/security-company-crowdstrike-scores-100m-led-by-google-capital/|url-status=live}}{{Cite web|url=https://www.bizjournals.com/losangeles/news/2017/05/17/crowdstrike-raises-100-million-for-cybersecurity.html|title=CrowdStrike raises $100 million for cybersecurity|website=www.bizjournals.com|access-date=24 February 2020|archive-date=28 April 2020|archive-url=https://web.archive.org/web/20200428021532/https://www.bizjournals.com/losangeles/news/2017/05/17/crowdstrike-raises-100-million-for-cybersecurity.html|url-status=live}}

In June 2019, the company made an initial public offering on the Nasdaq.{{Cite news |last=Murphy |first=Hannah |date=13 June 2019 |title=Cyber security group CrowdStrike's shares jump more than 70% after IPO |url=https://www.ft.com/content/27730018-8ca8-11e9-a24d-b42f641eca37 |url-status=live |archive-url=https://archive.today/20240730081805/https://webcache.googleusercontent.com/search?q=cache:https://www.ft.com/content/27730018-8ca8-11e9-a24d-b42f641eca37 |archive-date=30 July 2024 |access-date=13 June 2019 |work=Financial Times |issn=0307-1766}}{{Cite news |last=Feiner |first=Lauren |date=12 June 2019 |title=CrowdStrike pops more than 70% in debut, now worth over $11 billion |url=https://www.cnbc.com/2019/06/12/crowdstrike-ipo-stock-starts-trading-on-the-nasdaq.html |url-status=live |archive-url=https://web.archive.org/web/20190612232818/https://www.cnbc.com/2019/06/12/crowdstrike-ipo-stock-starts-trading-on-the-nasdaq.html |archive-date=12 June 2019 |access-date=12 June 2019 |work=CNBC}}

CrowdStrike expanded its identity security offerings with Falcon Identity Threat Protection, initially available in 2020, which later evolved into a managed service integrating with Falcon Complete in 2022, and a Cloud Threat Hunting Service in July 2022.[https://www.techzine.eu/news/security/74022/crowdstrike-launches-falcon-identity-threat-protection-complete/ "CrowdStrike launches Falcon Identity Threat Protection Complete,"] Techzine, March 2, 2022, retrieved March 3, 2025.[https://venturebeat.com/security/crowdstrike-cloud-threat-hunting/ "CrowdStrike introduces a new cloud threat hunting service,"] VentureBeat, July 26, 2022, retrieved March 3, 2025.

In December 2021, the company moved its headquarters location from Sunnyvale, California, to Austin, Texas.{{Cite web|date=28 December 2021|title=CrowdStrike Changes Principal Office to Austin, Texas|url=https://www.crowdstrike.com/blog/crowdstrike-changes-principal-executive-office-to-austin-texas/|access-date=2 February 2022|website=CrowdStrike|language=en|archive-date=28 January 2022|archive-url=https://web.archive.org/web/20220128064206/https://www.crowdstrike.com/blog/crowdstrike-changes-principal-executive-office-to-austin-texas/|url-status=live}}

In 2023, CrowdStrike introduced CrowdStream service in collaboration with Cribl.io.{{Cite web |last=Alspach |first=Kyle |title=RSAC 2023 Sees Big Moves From SentinelOne, CrowdStrike, Google Cloud, Accenture {{!}} CRN |url=https://www.crn.com/news/security/rsac-2023-sees-big-moves-from-sentinelone-crowdstrike-google-cloud-accenture |access-date=29 February 2024 |website=www.crn.com |archive-date=22 July 2024 |archive-url=https://web.archive.org/web/20240722160650/https://www.crn.com/news/security/rsac-2023-sees-big-moves-from-sentinelone-crowdstrike-google-cloud-accenture |url-status=live }} Charlotte AI, CrowdStrike's generative AI security analyst, was launched in May 2023 as part of Falcon's AI-driven security updates, enhancing automated threat triaging and response.[https://www.axios.com/2023/05/30/crowdstrike-generative-ai-security-assistant "CrowdStrike adds generative AI assistant to security tools,"] Axios, May 30, 2023, retrieved March 6, 2025.

In September 2023, CrowdStrike launched Falcon Foundry, a no-code application development platform directed at a wider audience,[https://www.csoonline.com/article/652849/crowdstrike-announces-major-build-out-of-its-falcon-product-suite.html "CrowdStrike announces major build-out of its Falcon product suite,"] CSO, September 19, 2023, retrieved March 3, 2025. and in September 2024, the company launched CrowdStrike Financial Services, which offers payment solutions and financing to improve access to the Falcon platform.[https://www.channelinsider.com/news-and-trends/us/crowdstrike-falcon-2024/ "CrowdStrike Unveils Financial Services, AI Tools at Fal.Con 2024,"] Channel Insider, September 23, 2024, retrieved March 6, 2025.

CrowdStrike joined the S&P 500 index in June 2024.{{Cite web |last=Carson |first=Ed |date=9 June 2024 |title=CrowdStrike, KKR, GoDaddy To Join S&P 500 In Quarterly Rebalance; Stocks Jump |url=https://www.investors.com/news/sp-500-crowdstrike-kkr-godaddy-quarterly-rebalance/ |access-date= |website=Investor's Business Daily |language=en-US |archive-date=9 June 2024 |archive-url=https://web.archive.org/web/20240609171312/https://www.investors.com/news/sp-500-crowdstrike-kkr-godaddy-quarterly-rebalance/ |url-status=live }}

As of 2024, CrowdStrike spent more than $360,000 on federal lobbying in the first half of 2024, according to OpenSecrets, and $620,000 during 2023. The company has also focused on working with the U.S. government and selling its services to government agencies.{{cite news |title=CrowdStrike CEO George Kurtz on China, Microsoft and the SEC |url=https://www.cnbc.com/2023/12/14/crowdstrike-ceo-george-kurtz-on-china-microsoft-and-the-sec.html |work=CNBC |date=14 December 2023 |access-date=19 July 2024 |archive-date=22 July 2024 |archive-url=https://web.archive.org/web/20240722160714/https://www.cnbc.com/2023/12/14/crowdstrike-ceo-george-kurtz-on-china-microsoft-and-the-sec.html |url-status=live }}

In November 2017, CrowdStrike acquired Payload Security, a firm that developed automated malware analysis sandbox technology.{{cite web|url=https://www.securityweek.com/crowdstrike-adds-malware-search-engine-hybrid-analysis/ |title=CrowdStrike Adds Malware Search Engine to ‘Hybrid Analysis’ | first=Eduard|last=Kovacs|work=Security Week|date=August 21, 2018}} In September 2020, the company acquired zero trust and conditional access technology provider Preempt Security for $96 million.{{Cite web|last=Gagliordi|first=Natalie|title=CrowdStrike to acquire Preempt Security for $96 million|url=https://www.zdnet.com/article/crowdstrike-to-acquire-preempt-security-for-96-million/|access-date=28 September 2020|website=ZDNet|language=en|archive-date=26 September 2020|archive-url=https://web.archive.org/web/20200926131559/https://www.zdnet.com/article/crowdstrike-to-acquire-preempt-security-for-96-million/|url-status=live}} In February 2021, CrowdStrike acquired Danish log management platform Humio for $400 million with plans to integrate Humio's log aggregation into CrowdStrike's XDR offering.{{Cite web|last=Cimpanu|first=Catalin|date=18 February 2021|title=CrowdStrike acquires Humio for $400 million|url=https://www.zdnet.com/article/crowdstrike-acquires-humio-for-400-million/|work=ZDNet|access-date=10 July 2024|archive-date=11 July 2024|archive-url=https://web.archive.org/web/20240711021956/https://www.zdnet.com/article/crowdstrike-acquires-humio-for-400-million/|url-status=live}} Later that November, CrowdStrike acquired SecureCircle, a SaaS-based cybersecurity service that extends zero trust endpoint security to include data.{{Cite web|last=Novinson|first=Michael|date=1 November 2021|title=CrowdStrike To Buy Data Protection Startup SecureCircle|url=https://www.crn.com/news/security/crowdstrike-to-buy-data-protection-startup-securecircle|access-date=10 June 2024|work=CRN|language=en|archive-date=22 July 2024|archive-url=https://web.archive.org/web/20240722160032/https://www.crn.com/news/security/crowdstrike-to-buy-data-protection-startup-securecircle|url-status=live}} In October 2022, CrowdStrike acquired Reposify, an external attack surface management vendor for risk management.{{cite web|url=https://en.globes.co.il/en/article-crowdstrike-buying-israeli-cybersecurity-co-reposify-1001425188 |title=CrowdStrike buying Israeli cybersecurity co Reposify | first=Ofir|last=Dor|work=Globes|date=September 20, 2022}} In 2023, CrowdStrike acquired Israeli cybersecurity startup Bionic.ai.{{cite news |title=CrowdStrike acquiring cyber startup Bionic for $350 million |url=https://www.calcalistech.com/ctechnews/article/hyquwtlka |work=CTech |date=19 September 2023}} In 2024, CrowdStrike acquired Israeli cloud security startups Flow Security for $200 million{{cite news |title=CrowdStrike acquiring cyber startup Flow Security in $200 million deal |url=https://www.calcalistech.com/ctechnews/article/ryawyqb6p |work=CTech |date=6 March 2024 |access-date=19 July 2024 |archive-date=20 July 2024 |archive-url=https://web.archive.org/web/20240720195912/https://www.calcalistech.com/ctechnews/article/ryawyqb6p |url-status=live }} and Adaptive Shield for $300 million.{{cite web |last=Kovacs |first=Eduard | title=CrowdStrike to Acquire Adaptive Shield in Reported $300 Million Deal |url=https://www.securityweek.com/crowdstrike-to-acquire-adaptive-shield-in-reported-300-million-deal/ |website=SecurityWeek |date=2024-11-06 |accessdate=2024-11-06}}

In 2024, total revenue was $3.06 billion, a 36% increase.

CrowdStrike helped investigate the Democratic National Committee cyberattacks and a connection to Russian intelligence services.{{cite news |author=Энжел-Ау Юнг (Angel-Au Jung) |url=https://www.forbes.ru/tehnologii/394825-ohotnik-na-hakerov-i-vrag-trampa-kak-millioner-iz-ssha-lovit-kiberprestupnikov-iz |title=Охотник на хакеров и враг Трампа: как миллионер из США ловит киберпреступников из России, Китая и Ирана |trans-title=Hacker hunter and Trump's enemy: how a millionaire from the United States catches cybercriminals from Russia, China and Iran |language=ru |work=Forbes (forbes.ru) |date=20 March 2020 |access-date=20 September 2024 |archive-url=https://web.archive.org/web/20200928021637/https://www.forbes.ru/tehnologii/394825-ohotnik-na-hakerov-i-vrag-trampa-kak-millioner-iz-ssha-lovit-kiberprestupnikov-iz |archive-date=28 September 2020}} On 20 March 2017, James Comey testified before congress stating:{{cite news |url=https://www.washingtonpost.com/news/post-politics/wp/2017/03/20/full-transcript-fbi-director-james-comey-testifies-on-russian-interference-in-2016-election/ |title=Full transcript: FBI Director James Comey testifies on Russian interference in 2016 election |access-date=22 May 2017 |archive-date=23 May 2017 |archive-url=https://web.archive.org/web/20170523113641/https://www.washingtonpost.com/news/post-politics/wp/2017/03/20/full-transcript-fbi-director-james-comey-testifies-on-russian-interference-in-2016-election/ |url-status=live }}

CrowdStrike, Mandiant, and ThreatConnect review[ed] the evidence of the hack and conclude[d] with high certainty that it was the work of APT 28 and APT 29 who are known to be Russian intelligence services.

In December 2016, CrowdStrike released a report stating that Russian government-affiliated group Fancy Bear had hacked a Ukrainian artillery app.{{cite web |url=https://www.theverge.com/2016/12/23/14068992/russian-hack-dnc-ukraine-military-malware-crowdstrike |title=Russian hackers linked to DNC attack also targeted Ukrainian military, says report |website=theverge.com |date=23 December 2016 |access-date=26 June 2019 |archive-date=17 November 2019 |archive-url=https://web.archive.org/web/20191117011408/https://www.theverge.com/2016/12/23/14068992/russian-hack-dnc-ukraine-military-malware-crowdstrike |url-status=live }} They concluded that Russia had used the hack to cause large losses to Ukrainian artillery units. The app (called ArtOS) is installed on tablet PCs and used for fire-control.{{Cite web|url=http://noosphereengineering.com/en/news/new-brainchild-of-engineering-school-was-tested-by-the-armed-forces|title=New brainchild of engineering school was tested by the armed forces|last=Noosphere engineering school|date=31 October 2015|website=noosphereengineering.com|access-date=28 December 2017|archive-date=29 December 2017|archive-url=https://web.archive.org/web/20171229052415/http://noosphereengineering.com/en/news/new-brainchild-of-engineering-school-was-tested-by-the-armed-forces|url-status=live}} CrowdStrike also found a hacked variation of POPR-D30 being distributed on Ukrainian military forums that utilized an X-Agent implant.{{Cite web|url=http://blog.crysys.hu/2017/01/technical-details-on-the-fancy-bear-android-malware-poprd30-apk|title=Technical details on the Fancy Bear Android malware (poprd30.apk)|last=Boldi|date=3 January 2017|website=Laboratory of Cryptography and System Security, Budapest University of Technology and Economics|access-date=8 February 2018|archive-date=9 February 2018|archive-url=https://web.archive.org/web/20180209063118/http://blog.crysys.hu/2017/01/technical-details-on-the-fancy-bear-android-malware-poprd30-apk/|url-status=live}}

The International Institute for Strategic Studies rejected CrowdStrike's assessment that claimed hacking caused losses to Ukrainian artillery units, saying that their data on Ukrainian D30 howitzer losses was misused in CrowdStrike's report. The Ukrainian Ministry of Defense also rejected the CrowdStrike report, stating that actual artillery losses were much smaller than what was reported by CrowdStrike and were not associated with Russian hacking.{{Cite news|url=https://www.voanews.com/a/crowdstrike-comey-russia-hack-dnc-clinton-trump/3776067.html|title=Think Tank: Cyber Firm at Center of Russian Hacking Charges Misread Data|last=Kuzmenko|first=Oleksiy|date=23 March 2017|work=Voice of America|access-date=20 December 2017|archive-date=20 January 2018|archive-url=https://web.archive.org/web/20180120231522/https://www.voanews.com/a/crowdstrike-comey-russia-hack-dnc-clinton-trump/3776067.html|url-status=live}} Prior to this, CrowdStrike had published a report claiming that malware used in Ukraine and against the Democratic National Committee (DNC) appeared to be unique and identical, further evidence for a Russian origin of the DNC attack.{{cite news |title=Group allegedly behind DNC hack targeted Ukraine, report finds |url=https://www.theguardian.com/technology/2016/dec/22/dnc-hack-crowdstrike-ukraine-malware-russia |work=The Guardian |date=22 December 2016 |access-date=19 July 2024 |archive-date=16 May 2017 |archive-url=https://web.archive.org/web/20170516024517/https://www.theguardian.com/technology/2016/dec/22/dnc-hack-crowdstrike-ukraine-malware-russia |url-status=live }}

Cybersecurity firm SecureWorks discovered a list of email addresses targeted by Fancy Bear in phishing attacks. The list included the email address of Yaroslav Sherstyuk, the developer of ArtOS.{{Cite news|url=https://www.rferl.org/a/ukraine-russia-fancy-bear-hacking-artillery-guidance-app/28831564.html|title=Fancy Bear Tried To Hack E-Mail Of Ukrainian Making Artillery-Guidance App|last=Miller|first=Christopher|date=2 November 2017|work=RadioFreeEurope|access-date=8 February 2018|archive-date=6 February 2018|archive-url=https://web.archive.org/web/20180206040444/https://www.rferl.org/a/ukraine-russia-fancy-bear-hacking-artillery-guidance-app/28831564.html|url-status=live}} Additional Associated Press research supports CrowdStrike's conclusions about Fancy Bear.{{cite news |last1=Satter |first1=Raphael |title=Russia hackers pursued Putin foes, not just US Democrats |url=https://www.apnews.com/3bca5267d4544508bb523fa0db462cb2 |access-date=2 April 2019 |work=Associated Press |date=2 November 2017 |archive-date=2 April 2019 |archive-url=https://web.archive.org/web/20190402142500/https://www.apnews.com/3bca5267d4544508bb523fa0db462cb2 |url-status=live }} Radio Free Europe notes that the AP report "lends some credence to the original CrowdStrike report, showing that the app had, in fact, been targeted."{{cite news |last1=Miller |first1=Christopher |title='Fancy Bear' Tried To Hack E-Mail Of Ukrainian Making Artillery-Guidance App |url=https://www.rferl.org/a/ukraine-russia-fancy-bear-hacking-artillery-guidance-app/28831564.html |access-date=2 April 2019 |work=Radio Free Europe/Radio Liberty |date=2 November 2017 |archive-date=2 April 2019 |archive-url=https://web.archive.org/web/20190402142458/https://www.rferl.org/a/ukraine-russia-fancy-bear-hacking-artillery-guidance-app/28831564.html |url-status=live }}

In the Trump–Ukraine scandal, Donald Trump, then the president of the United States, held a phone call with Volodymyr Zelensky, the president of Ukraine, on 25 July 2019, in which Trump asked Zelensky to look into a conspiracy theory that was being promoted on far-right websites such as Breitbart News and Russian state media outlets such as Russia Today and Sputnik.{{cite web|first=Ryan|last=Broderick|url=https://www.buzzfeednews.com/article/ryanhatesthis/crowdstrike-4chan-qanon-conspiracy-theory|title=Here's How Donald Trump Ended Up Referencing A Russian-Promoted 4chan Conspiracy Theory In His Call To The Ukrainian President|website=Buzzfeed News|date=26 September 2019|accessdate=11 February 2024|archive-date=8 October 2019|archive-url=https://web.archive.org/web/20191008031915/https://www.buzzfeednews.com/article/ryanhatesthis/crowdstrike-4chan-qanon-conspiracy-theory|url-status=live}} The theory held that namely, that the Ukrainian government used CrowdStrike to hack into the Democratic National Committee's servers in 2016 and frame Russia for the crime to undermine Trump in the 2016 presidential election.{{cite news|first=Eileen|last=Sullivan|url=https://www.nytimes.com/2019/09/25/us/politics/crowdstrike-ukraine.html|title=How CrowdStrike Became Part of Trump's Ukraine Call|newspaper=The New York Times|date=25 September 2019|accessdate=11 February 2024|archive-date=26 September 2019|archive-url=https://archive.today/20190926002538/https://www.nytimes.com/2019/09/25/us/politics/crowdstrike-ukraine.html|url-status=live}}{{cite news|first=Joseph|last=Marks|url=https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/09/26/the-cybersecurity-202-trump-s-crowdstrike-conspiracy-theory-shows-he-still-doubts-russian-election-interference/5d8ba0d088e0fa4b0ec245b7/|title=The Cybersecurity 202: Trump's CrowdStrike conspiracy theory shows he still doubts Russian election interference|newspaper=The Washington Post|date=26 September 2019|accessdate=11 February 2024}} The conspiracy theory has been repeatedly debunked.{{cite web|first=Frank|last=Bajak|url=https://apnews.com/article/23c9022665dc40a1a69e613459955112|title=Debunked Ukraine conspiracy theory is knocked down – again|work=Associated Press News|date=13 November 2019|accessdate=11 February 2024|archive-date=22 July 2024|archive-url=https://web.archive.org/web/20240722160628/https://apnews.com/article/23c9022665dc40a1a69e613459955112|url-status=live}}{{cite web|first=Chris|last=Cillizza|authorlink=Chris Cillizza|url=https://www.cnn.com/2019/09/30/politics/crowdstrike-donald-trump-ukraine/index.html|title=Don't miss the totally debunked conspiracy theory Donald Trump pushed in the Ukraine call|website=CNN|date=30 September 2019|accessdate=11 February 2024|archive-date=26 February 2024|archive-url=https://web.archive.org/web/20240226142139/https://www.cnn.com/2019/09/30/politics/crowdstrike-donald-trump-ukraine/index.html|url-status=live}}{{cite web|first=Ben|last=Collins|url=https://www.cnn.com/2019/09/30/politics/crowdstrike-donald-trump-ukraine/index.html|title=Trump seized on a conspiracy theory called the 'insurance policy.' Now, it's at the center of an impeachment investigation.|website=NBC News|date=3 October 2019|accessdate=11 February 2024|archive-date=26 February 2024|archive-url=https://web.archive.org/web/20240226142139/https://www.cnn.com/2019/09/30/politics/crowdstrike-donald-trump-ukraine/index.html|url-status=live}}

{{Main|2024 CrowdStrike-related IT outages}}

File:CrowdStrike BSOD at LGA.jpg, caused by an update pushed by CrowdStrike, on airport luggage conveyor belts at LaGuardia Airport, New York City]]On 19 July 2024, CrowdStrike released a software configuration file update to the Falcon endpoint detection and response agent. Flaws in the update caused blue screens of death on Microsoft Windows machines, disrupting millions of Windows computers worldwide.{{Cite web |last=Baran |first=Guru |date=19 July 2024 |title=CrowdStrike Update Pushing Windows Machines Into a BSOD Loop |url=https://cybersecuritynews.com/crowdstrike-update-bsod-loop/ |url-status=live |archive-url=https://web.archive.org/web/20240719143015/https://cybersecuritynews.com/crowdstrike-update-bsod-loop/ |archive-date=19 July 2024 |access-date=19 July 2024 |website=Cyber Security News |language=en-US}}{{cite web |last1=Sharwood |first1=Simon |title=CrowdStrike code update bricking Windows machines around the world |url=https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/ |url-status=live |archive-url=https://web.archive.org/web/20240719143002/https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/ |archive-date=19 July 2024 |access-date=19 July 2024 |website=The Register}} Affected machines were forced into a bootloop, making them unusable. This was caused by an update to a configuration file, Channel File 291, which CrowdStrike says triggered a logic error and caused the operating system to crash.{{Cite web |last=CrowdStrike |date=20 July 2024 |title=Technical Details: Falcon Update for Windows Hosts {{!}} CrowdStrike |url=https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/ |access-date=20 July 2024 |website=crowdstrike.com |language=en}} The downtime caused a widespread global impact, grounding commercial airline flights, temporarily taking Sky News and other broadcasters offline, and disrupting banking and healthcare services as well as 911 emergency call centers.{{Cite web |last=Warren |first=Tom |date=19 July 2024 |title=Major Windows BSOD issue takes banks, airlines, and broadcasters offline |url=https://www.theverge.com/2024/7/19/24201717/windows-bsod-crowdstrike-outage-issue |url-status=live |archive-url=https://web.archive.org/web/20240719172725/https://www.theverge.com/2024/7/19/24201717/windows-bsod-crowdstrike-outage-issue |archive-date=19 July 2024 |access-date=19 July 2024 |website=The Verge |language=en}}

By the end of the day, CrowdStrike shares closed trading at a price of $304.96, down $38.09 or 11.10%.{{cite web |date=29 January 2012 |title=CrowdStrike Holdings Inc CRWD:NASDAQ |url=https://www.cnbc.com/quotes/CRWD |url-status=live |archive-url=https://web.archive.org/web/20240616004113/https://www.cnbc.com/quotes/CRWD/ |archive-date=16 June 2024 |access-date=19 July 2024 |website=cnbc.com}}

Although CrowdStrike issued a patch to fix the error, computers stuck in a bootloop were unable to connect to the Internet to download the patch before Falcon would be loaded and crash the device again. The recommended solution from CrowdStrike was to boot into safe mode or Windows Recovery Mode and manually delete Channel File 291.{{Cite web |title=KB5042421: CrowdStrike issue impacting Windows endpoints causing an 0x50 or 0x7E error message on a blue screen - Microsoft Support |url=https://support.microsoft.com/en-us/topic/b1c700e0-7317-4e95-aeee-5d67dd35b92f |access-date=20 July 2024 |website=support.microsoft.com}} This requires local administrator access and if the device was encrypted by BitLocker, also required a recovery key.{{Cite web |last=Warren |first=Tom |date=19 July 2024 |title=Here's how IT admins are fixing the Windows Blue Screen of Death chaos |url=https://www.theverge.com/2024/7/19/24201806/microsoft-windows-bsod-pc-crashing-crowdstrike-fix |url-status=live |archive-url=https://web.archive.org/web/20240720080457/https://www.theverge.com/2024/7/19/24201806/microsoft-windows-bsod-pc-crashing-crowdstrike-fix |archive-date=20 July 2024 |access-date=20 July 2024 |website=The Verge |language=en}} Microsoft reported that some customers were able to remediate the issue solely by rebooting impacted devices up to 15 times.{{Cite web |last=Warren |first=Tom |date=19 July 2024 |title=Microsoft on CrowdStrike outage: have you tried turning it off and on? (15 times) |url=https://www.theverge.com/2024/7/19/24201927/microsoft-crowdstrike-update-fix-turn-off-on-pc |url-status=live |archive-url=https://web.archive.org/web/20240720210414/https://www.theverge.com/2024/7/19/24201927/microsoft-crowdstrike-update-fix-turn-off-on-pc |archive-date=20 July 2024 |access-date=20 July 2024 |website=The Verge |language=en}} On 22 July 2024, CrowdStrike shares closed the trading day at a price of $263.91, with a loss of $41.05 or 13.46%.{{cite web |title=CrowdStrike Holdings, Inc. Class A Common Stock (CRWD) |url=https://www.nasdaq.com/market-activity/stocks/crwd |access-date=22 July 2024 |website=nasdaq.com}} On 24 July 2024, five days after the incident, CrowdStrike published a Post-Incident Review.{{Cite web|date=July 24, 2024|access-date=February 26, 2025|title=Preliminary Post Incident Review (PIR): Content Configuration Update Impacting the Falcon Sensor and the Windows Operating System (BSOD) |url=https://www.crowdstrike.com/en-us/blog/falcon-content-update-preliminary-post-incident-report/ |url-status=live|website=CrowdStrike}} That same day, CrowdStrike reportedly contacted affected channel partners with apology emails containing Uber Eats gift cards worth $10.{{Cite web |last=Franceschi-Bicchierai |first=Lorenzo |date=2024-07-24 |title=CrowdStrike offers a $10 apology gift card to say sorry for outage |url=https://techcrunch.com/2024/07/24/crowdstrike-offers-a-10-apology-gift-card-to-say-sorry-for-outage/ |access-date=2024-07-24 |website=TechCrunch |language=en-US}}{{Cite web |last=Sato |first=Mia |date=2024-07-19 |title=CrowdStrike and Microsoft: all the latest news on the global IT outage |url=https://www.theverge.com/24201803/crowdstrike-microsoft-it-global-outage-airlines-banking |access-date=2024-08-14 |website=The Verge |language=en}}{{Cite news |last1=Milmo |first1=Dan |date=2024-07-25 |title=CrowdStrike faces backlash as 'thank you' gift cards are blocked |url=https://www.theguardian.com/technology/article/2024/jul/25/crowdstrike-workers-ubereats-vouchers |access-date=2024-08-14 |work=The Guardian |language=en-GB |issn=0261-3077}} On 6 August 2024, Crowdstrike published a Root Cause Analysis to explain the causes of the Channel File 291 Incident, and the mitigation steps the company took to eliminate future incidents.{{Cite web|date=August 6, 2024|access-date=February 22, 2025|title=External Technical Root Cause Analysis — Channel File 29 |url=https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf |url-status=live|website=CrowdStrike}} CrowdStrike made several process improvements in response to the 19 July incident. These include: adding new content configuration test procedures; implementing additional deployment layers and acceptance checks for its content configuration system; engaging two third-party vendors to review Falcon sensor code, and the company's quality control and release processes; and staggering update rollout in which users can select their preferred timing for updates.{{Cite web|last=Vijayan|first=Jai|date=August 7, 2024|access-date=February 22, 2025|title=CrowdStrike Will Give Customers Control Over Falcon Sensor Updates |url=https://www.darkreading.com/cyber-risk/crowdstrike-will-give-customers-control-over-falcon-sensor-content-updates |url-status=live|website=Dark Reading}}{{Cite web |last=Charlotte Ehrlich |date=2024-10-09 |title=Facing scrutiny over global outage, cybersecurity firm CrowdStrike on track for record year of federal lobbying spending |url=https://www.opensecrets.org/news/2024/10/facing-scrutiny-global-outage-cybersecurity-firm-crowdstrike-on-track-for-record-year-of-federal-lobbying-spending}} The CrowdStrike incident cost Fortune 500 companies $5.4 billion.

• Operating systems
• Chinese intelligence activity abroad
• Chinese espionage in the United States
• Timeline of Russian interference in the 2016 United States elections
• Timeline of investigations into Donald Trump and Russia (January–June 2017)

{{Reflist}}

• {{official website}}
• {{Finance links

|name= CrowdStrike Holdings, Inc.

|google= CRWD:NASDAQ

|yahoo= CRWD

|bloomberg= CRWD:US

|reuters= CRWD.O

|sec_cik= 1535527

}}

{{NASDAQ-100}}

Category:2011 establishments in California

Category:2019 initial public offerings

Category:American companies established in 2011

Category:Companies based in Austin, Texas

Category:Companies listed on the Nasdaq

Category:Computer security companies

Category:Internet technology companies of the United States

Category:Organizations associated with Russian interference in the 2016 United States elections

Category:Security companies of the United States

Category:Technology companies established in 2011

Category:2019 Trump–Ukraine scandal

Category:Warburg Pincus companies