The hacktivist group USDoD claims to have leaked CrowdStrike’s “entire threat actor list” and an “entire IOC list” with over 250 million data points.
Details of the Alleged Leak: On July 24, 2024, the USDoD group claimed on an English-language cybercrime forum that they had obtained and leaked CrowdStrike’s comprehensive threat actor database. They shared a download link for the list and sample data fields as proof.
The leaked data reportedly includes:
- Adversary aliases
- Adversary status
- Last active dates
- Region/Country of origin
- Number of targeted industries and countries
- Actor type and motivation
The sample data included “LastActive” dates up to June 2024, while the Falcon portal shows dates extending to July 2024, which suggests the data, if genuine, was taken no later than June 2024. Cyber Press researchers reported accessing some of the leaked documents.
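To make that dating argument concrete, here is an added Python example (not from the article, Cyber Press or CrowdStrike) that bounds when a dump was taken by its freshest parseable LastActive value and lists entries that a current view has updated since that cutoff; every row below is constructed, and blank or malformed dates are skipped rather than trusted.

```python
from datetime import date
from typing import Iterable, List, Optional

# Constructed sample rows using the field names the post lists
# (alias, status, LastActive, region); the values are invented.
LEAK_SAMPLE = [
    {"Alias": "ACTOR-A", "Status": "Active", "LastActive": "2024-06-12", "Region": "Eastern Europe"},
    {"Alias": "ACTOR-B", "Status": "Active", "LastActive": "2024-05-30", "Region": "East Asia"},
    {"Alias": "ACTOR-C", "Status": "Retired", "LastActive": "", "Region": "Unknown"},
    {"Alias": "ACTOR-D", "Status": "Active", "LastActive": "not-a-date", "Region": "Middle East"},
]

# Constructed rows standing in for what a current, authoritative view shows.
LIVE_VIEW = [
    {"Alias": "ACTOR-A", "Status": "Active", "LastActive": "2024-07-18", "Region": "Eastern Europe"},
    {"Alias": "ACTOR-B", "Status": "Active", "LastActive": "2024-05-30", "Region": "East Asia"},
    {"Alias": "ACTOR-C", "Status": "Retired", "LastActive": "2023-11-02", "Region": "Unknown"},
]


def parse_last_active(value: str) -> Optional[date]:
    """Parse an ISO date; blank or malformed values yield None instead of raising."""
    try:
        return date.fromisoformat(value.strip())
    except (ValueError, AttributeError):
        return None


def latest_last_active(rows: Iterable[dict]) -> Optional[date]:
    """Freshest parseable LastActive across the rows, or None if nothing parses.
    This is an upper bound on when the dump was taken: no row can be newer than the copy."""
    dates = [d for d in (parse_last_active(r.get("LastActive", "")) for r in rows) if d]
    return max(dates) if dates else None


def records_newer_than_leak(leak_rows: Iterable[dict], live_rows: Iterable[dict]) -> List[str]:
    """Aliases whose live LastActive is later than the leak's freshest date.
    Such entries changed after the cutoff, so the dump is at best a stale snapshot."""
    cutoff = latest_last_active(leak_rows)
    if cutoff is None:
        return []
    newer = []
    for row in live_rows:
        seen = parse_last_active(row.get("LastActive", ""))
        if seen and seen > cutoff:
            newer.append(row["Alias"])
    return newer


if __name__ == "__main__":
    print("leak cutoff:", latest_last_active(LEAK_SAMPLE))
    print("updated since cutoff:", records_newer_than_leak(LEAK_SAMPLE, LIVE_VIEW))
```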
USDoD has a history of exaggerating claims to enhance its reputation in hacktivist and eCrime circles. Since 2020, they have engaged in both hacktivism and financially motivated breaches, primarily using social engineering tactics. Recently, they’ve focused on high-profile intrusion campaigns and aimed to expand into administering eCrime forums.
USDoD also claimed to possess “two big databases from an oil company and a pharmacy industry (not from the USA).” However, the connection between these claims and the alleged CrowdStrike data acquisition remains unclear.
The potential leak of CrowdStrike’s threat actor database could have significant cybersecurity implications, including compromising ongoing investigations, exposing methods for tracking malicious actors, and giving cybercriminals an advantage in evading detection. This incident follows a recent CrowdStrike update that caused Windows machines to experience the Blue Screen of Death (BSOD) error.
CrowdStrike’s Response
CrowdStrike, a prominent cybersecurity firm, responded to the claims, stating that while USDoD has been involved in legitimate breaches, their credibility in this case is questionable. The history of exaggeration, inconsistencies in the leaked data, and CrowdStrike’s response cast doubt on the authenticity and severity of the claimed leak.