Cybersecurity company CrowdStrike has responded to claims that private information regarding the hackers it tracks online has been leaked, stating that the information is already available to its customers, partners, and hundreds of thousands of users.
In a post on its official website, CrowdStrike said a hacker or hackers, using the name USDoD, stated on a cybercrime forum on July 24 that the firm’s “entire threat actor list” would be released.
In the forum post, USDoD provided a link to download the alleged “threat actor list” and provided a sample of data fields, “likely in an effort to substantiate their claims,” CrowdStrike said.
USDoD also claimed to have obtained CrowdStrike’s “entire IOC [indicators of compromise] list,” which includes evidence that a system may have been infiltrated, and promised to release it soon, the company said.
Sample data included a spreadsheet that contained information on when hacking groups were last active, their region or country of origin, the number of industries targeted by the groups, and their motivation.
The sample data on the spreadsheet dates back to June, suggesting that this is when the hacking group potentially obtained the information, CrowdStrike said.
That was weeks before a faulty software update at CrowdStrike sparked a worldwide IT outage, causing global chaos and disrupting flights, banks, hospitals, retail, and media.
“USDoD also claimed in their post to have ’two big dbs [databases] from an oil company and a pharmacy industry (not from USA),’” CrowdStrike said. “It was unclear whether the post was linking the claims to have breached an oil company and pharmaceutical industry company with their alleged acquisition of CrowdStrike data.”
The cybersecurity firm also said that USDoD “has previously exaggerated claims, likely in an effort to ”enhance their reputation within both hacktivist and eCrime communities.”
The hacking entity previously claimed to have hacked and leaked data from LinkedIn, but those claims were later refuted by industry sources, who credited the data leak to web scraping as opposed to a targeted operation, CrowdStrike noted.
Since at least 2020, USDoD has conducted both “hacktivism and financially motivated breaches,” with the hacking entity typically accessing sensitive data through social-engineering tactics, according to CrowdStrike.
Within the past two years, USDoD focused more on “high-profile targeted intrusion campaigns,” and, more recently, has expanded its activities into administering eCrime forums, the cybersecurity firm said.
CrowdStrike’s comments follow the company’s acknowledgment of its mistakes in the wake of the global IT outage.
Monica O’Shea contributed to this report.