Threat Actors Claiming Leak of IOC list with 250M Data, CrowdStrike Responded

A hacktivist entity known as USDoD has asserted that it has leaked CrowdStrike’s “entire threat actor list” and claims to possess the company’s “entire IOC [indicators of compromise] list,” which purportedly contains over 250 million data points.

Details of the Alleged Leak

On July 24, 2024, the USDoD group announced on an English-language cybercrime forum that it had obtained and leaked CrowdStrike’s comprehensive threat actor database.

The group provided a link to download the alleged list and shared sample data fields to substantiate their claims.

The leaked information reportedly includes:

  • Adversary aliases
  • Adversary status
  • The last active dates for each adversary
  • Region/country of adversary origin
  • Number of targeted industries and countries
  • Actor type and motivation

Claim of the breach

The sample data contained “LastActive” dates up to June 2024, while the Falcon portal’s last active dates for some actors extend to July 2024, suggesting the potential timeframe of the data acquisition.


Cyber Press researchers stated that they were able to view some of the documents leaked.

Background on USDoD

USDoD has a history of exaggerating claims, likely to enhance its reputation within hacktivist and eCrime communities.

For example, they previously claimed to have conducted a hack-and-leak operation targeting a professional networking platform, which was later debunked by industry sources as mere web scraping.

Since 2020, USDoD has engaged in both hacktivism and financially motivated breaches, primarily using social engineering tactics.

In recent years, they have focused on high-profile targeted intrusion campaigns and have sought to expand their activities into administering eCrime forums.

USDoD also claimed to possess “two big databases from an oil company and a pharmacy industry (not from the USA).” However, the connection between these claims and the alleged CrowdStrike data acquisition remains unclear.

The potential leak of CrowdStrike’s threat actor database could have significant implications for cybersecurity:

  • Compromise of ongoing investigations
  • Exposure of tracking methods for malicious actors
  • Potential advantage for cybercriminals in evading detection

This story unfolds following a CrowdStrike update that caused Windows machines to experience the Blue Screen of Death (BSOD) error.

CrowdStrike’s Response

CrowdStrike, a leading cybersecurity firm known for its threat intelligence and incident response services, has responded to the claims. The company stated:

“The threat intel data noted in this report is available to tens of thousands of customers, partners, and prospects – and hundreds of thousands of users. Adversaries exploit current events for attention and gain. We remain committed to sharing data with the community.”

While USDoD has been involved in legitimate breaches, its credibility in this specific case is questionable.

Their history of exaggeration, the inconsistencies in the leaked data, and CrowdStrike’s response all cast doubt on the authenticity and severity of the claimed leak.


Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
