Cybersecurity firm CrowdStrike has provided a response to allegations that sensitive information regarding the hackers it tracks has been leaked. The company asserts that this information is already accessible to its customers, partners, and numerous users.
In an official post on its website, CrowdStrike addresses a claim made on a cybercrime forum on July 24 by a hacker or group using the name USDoD. This claim stated that the firm’s entire threat actor list would be released.
To support their assertion, USDoD shared a link to download the alleged threat actor list on the forum, along with a sample of data fields. CrowdStrike recognizes that this was likely an attempt to substantiate their claims.
The hacker(s) also stated that they have obtained CrowdStrike’s entire IOC (indicators of compromise) list, which encompasses evidence of potential system infiltrations. They have promised to release this information in the near future.
The provided sample data includes a spreadsheet containing details on the recent activity of hacking groups, their geographical origins, the number of industries they target, and their motivations.
CrowdStrike suggests that the data on the spreadsheet dates back to June, which implies that this is when the hacker(s) potentially obtained the information.
It is worth noting that this incident occurred weeks prior to a software update issue at CrowdStrike, which resulted in a widespread IT outage and caused disruption in various sectors worldwide, including flights, banks, hospitals, retail, and media.
In their post, USDoD also claims to possess two significant databases from an oil company and a pharmacy industry that are not based in the United States. However, it remains unclear whether these claims are connected to their alleged acquisition of CrowdStrike data.
CrowdStrike highlights that USDoD has a history of exaggerating claims to enhance their reputation in both hacktivist and eCrime communities. The hacking entity had previously claimed responsibility for hacking and leaking data from LinkedIn. However, industry sources disputed these claims and attributed the data leak to web scraping rather than a targeted operation, as acknowledged by CrowdStrike.
CrowdStrike reveals that USDoD has conducted both hacktivist and financially motivated breaches since at least 2020, typically employing social-engineering tactics to gain access to sensitive data. The cybersecurity firm also notes that in the past two years, USDoD has increasingly focused on high-profile targeted intrusion campaigns. More recently, USDoD has expanded its activities to include administering eCrime forums.
These statements from CrowdStrike follow the company’s acknowledgment of their mistakes in relation to the global IT outage.