CrowdStrike threat actor Database
USDoD releases a scrape from CrowdStrike as an apology to BreachForums for 'declaring war'.
Company Overview
CrowdStrike is a prominent cybersecurity firm that provides advanced threat intelligence, endpoint protection, and incident response services to organizations globally. Established in 2011, the company is based in Sunnyvale, California, and is renowned for its innovative approaches to preventing and responding to cyber threats.
Breach Details
- Date of Incident: July 24, 2024
- Threat Actor: USDoD, a notorious hacker known for significant data breaches
- Type of Data Compromised: Threat actor intelligence, including aliases, status, origin, target industries, target countries, actor type, and motivations
- Volume of Data: Over 250 million records
Incident Description
On July 24, 2024, the threat actor USDoD announced on a cybercriminal forum that they had successfully breached CrowdStrike’s threat actor database. USDoD posted a link to download the extensive database, which contains detailed information on various threat actors. This breach exposes CrowdStrike’s internal threat intelligence, severely undermining its ability to track and mitigate cyber threats effectively.
USDoD claimed to have scraped CrowdStrike’s entire Indicator of Compromise (IOC) list, amounting to more than 250 million data entries. Additionally, USDoD mentioned holding significant databases from an oil company and a pharmaceutical company, hinting at further potential leaks.
Threat Actor Profile
- Alias: USDoD
- Activity Status: Active
- Notable Attacks: Breaches involving Airbus, TransUnion, and the U.S. Environmental Protection Agency
- Known Motivations: Primarily eCrime, with some activities suggesting political motives
- Origin: Not publicly specified
USDoD is infamous for leaking large databases, including data from LinkedIn and InfraGard (a partnership program run by the FBI). The hacker has been linked to various high-profile data breaches and has a history of using web scraping techniques to gather vast amounts of data from public sources (SOCRadar® Cyber Intelligence Inc.) (Malpedia).