A hacktivist group claiming to be USDoD has announced a breach of cybersecurity firm CrowdStrike [1], allegedly exfiltrating sensitive information.
Description
The hacktivist group [1] [2] [4], posing as USDoD, has claimed to have breached CrowdStrike and obtained its threat actor list and IOC list. The leaked information [2], shared on BreachForums [1], includes adversary aliases [1] [2], activity status [1], geographic origin [1], and more. The leaked data includes "LastActive" dates running up to June 2024 [4], indicating that it was acquired recently [4]. USDoD also claimed to have acquired CrowdStrike's entire IoC list and planned to release it [4]. Security researchers at vx-underground highlighted USDoD's post on X (formerly Twitter) [4], which revealed that the scraping operation took around a month [4].

CrowdStrike has acknowledged the claims and denies a breach [3], stating that the data in question was already accessible to approved customers, partners [3] [4], and prospects [3] [4]; the company has emphasized that even if the attackers' claims are accurate [4], this does not constitute a breach [4]. The authenticity and severity of the claimed leak are questionable [2], given USDoD's history and inconsistencies in the leaked data [2]. Experts are skeptical of USDoD's credibility but warn of potential consequences if the data is legitimate [1]. Increased vigilance and security measures are advised [1].

Additionally, USDoD claims to have accessed sensitive details and data from an oil company and a company in the pharmacy industry [3]. It is worth noting that CrowdStrike recently caused a significant operating system outage due to a defect in a Falcon content update [3], affecting various industries and triggering a federal investigation into Delta Airlines [3].
Conclusion
The alleged breach of CrowdStrike by USDoD raises concerns about data security and the credibility of the hacker group. Organizations are advised to enhance their security measures and remain vigilant against potential cyber threats. The impact of the breach, if confirmed, could have far-reaching consequences for affected industries and individuals.
References
[1] https://securityonline.info/crowdstrike-data-leak-claims-spark-concern-hacktivist-credibility-questioned/
[2] https://cybersecuritynews.com/crowdstrike-threat-actor-database/
[3] https://www.digitaltrends.com/computing/hacker-threatens-to-leak-sensitive-crowdstrike-information/
[4] https://www.infosecurity-magazine.com/news/hacktivists-leak-crowdstrike/