Threat Intelligence

CrowdStrike Denies That Threat Actor USDoD Exposed IoC List

Share
(Adobe Stock)

Hackread reports that CrowdStrike had a 103,000-line indicator of compromise list exposed by widely known threat actor USDoD on Breach Forums following the hacker's claims of exfiltrating the U.S. cybersecurity firm's complete threat actor list last week.

CrowdStrike has reached out to ChannelE2E, denying that report. A spokesperson said: "There is no CrowdStrike breach. This threat intel data is available to tens of thousands of customers, partners and prospects." CrowdStrike's full response to the USDoD's claims can be found in this blog published by the company.

(This brief was updated after we received a comment from CrowdStrike.)

Aside from featuring several hash types associated with the Mispadu malware, the leaked 53 MB CSV file also included information connected to the threat actor SAMBASPIDER, kill chain phrases, threat types, confidence levels and MITRE ATT&CK techniques, reported Hackread researchers.

Meanwhile, CrowdStrike noted the information included in the exposed dataset had "LastActive" dates not later than June.

"...[H]owever, the Falcon portal's last active dates for some of the referenced actors are as recent as July 2024, suggesting when the actor potentially obtained the information," said CrowdStrike, which also noted USDoD's propensity to overstate its hacking assertions. Such a development comes after a botched update for the CrowdStrike Falcon platform resulted in a widespread global IT outage that impacted 8.5 million Windows machines worldwide.