Large-scale IT outages in Australia and globally are being linked to a problem within an endpoint security service made by CrowdStrike.
CrowdStrike's co-founder and CEO George Kurtz confirmed its role in the incident in a statement on X at 7.45pm AEST, the first official confirmation not behind a login.
"CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted," Kurtz wrote.
"This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed."
The issue was acutely felt by Australian and New Zealand-based organisations, which started reporting issues at about 3.45pm AEST.
Not long after, security services providers CyberCX and Tesserent both attributed the issues in Windows-based environments to CrowdStrike.
“CyberCX is aware and advising customers of an outage affecting organisations in Australia and New Zealand,” it said in a post on X.
“We understand that this has been caused by an issue affecting organisations who have installed Crowdstrike Falcon in their IT environments.”
Thales-owned Tesserent said in a statement that the issue, “in which devices running Microsoft Windows and CrowdStrike are displaying a 'blue screen' error and attempting to reboot … has been confirmed by CrowdStrike as a Falcon sensor issue.”
CrowdStrike has no publicly accessible service status page.
An alleged screenshot from its password-protected forums purports to confirm that “Windows crashes [are] related to Falcon sensor”.
Falcon sensor is described in technical documentation as a “lightweight” agent installed on endpoints, such as computers and servers, to monitor connections in and out for signs of malicious traffic.
The company’s phone-based support did not appear to carry any messaging about the issues when iTnews called, although Reuters reported hearing a recording via this method.
The moderator of the CrowdStrike Reddit wrote that a change had been reverted to try to fix the problem on the vendor's end.
Information security expert Kevin Beaumont wrote on Mastodon that "invalidly formatted" channel update files pushed by the vendor were the cause of the problems.
A wide range of organisations remain impacted, from enterprises to supermarkets and fast-food operators, as well as “some airline operations and terminal services” at major airports.
Telstra also said in a statement on X that it was impacted to some extent by “a global issue affecting both Microsoft and CrowdStrike”.
Rail freight operator Aurizon also confirmed its operations were impacted.
"Aurizon confirms that a number of its information technology systems are unavailable or have been taken offline as a result of the global outage currently being experienced by a number of companies," it said.
"As a result, this has impacted some of Aurizon’s train services across its operations. In addition, all train services for all rail operators on the Central Queensland Coal Network have been stopped, pending recovery of IT systems."
Banks, payment services and governments were also reported to be experiencing issues.
Operators of similar services in other global markets such as the US and Europe were similarly impacted.
The US Federal Aviation Administration (FAA) issued a ground stop for flights, citing "airline IT issue" as the cause.
The widespread nature of the impact has raised suspicions that there may be more to the incident than CrowdStrike's actions, although there's too little technical detail available to confirm or deny this.
Australia's Home Affairs Minister Clare O'Neil said that CrowdStrike attended a national coordination mechanism meeting that the government called due to the escalating nature of the incident.
"The company has informed us that most issues should be resolved through the fix they have provided but given the size and nature of this incident it may take some time to resolve," O'Neil said.
"Governments are closely engaged at all levels, focused on bringing together the affected parties and ensuring government entities institute the fix as quickly as possible."