In a recent development within the cybersecurity world, a threat group identified as USDoD has claimed responsibility for acquiring a substantial database compiled by CrowdStrike, a leading cybersecurity firm. The group made their announcement on a dark web forum on July 24th, stating they have access to over 250 million records detailing information about various threat actors. This purported database includes data on the aliases, activities, origins, and motivations of cybercriminal groups, including state-sponsored actors.
The dataset allegedly contains information on 228 identified actors, categorized into eCrime (criminal), state-sponsored, and hacktivism groups. According to the group, the most frequently mentioned countries of origin are the Russian Federation, China, and Iran. Key industries targeted by these actors include technology, government, healthcare, and energy sectors, with the United States, United Kingdom, Germany, Canada, and France listed as the most targeted countries.
However, CrowdStrike has refuted the claims made by USDoD. In a statement, the company clarified that the data being circulated did not come from a breach of its systems; it is threat-actor intelligence already available to its customers through the Falcon platform. CrowdStrike's position suggests that the data USDoD is showcasing is not the critical exposure it has been portrayed as.
Victor Acin, Labs Manager at Outpost24's KrakenLabs, commented on the situation: "At first glance, a leak like this looks significant and highlights the scale of malicious operations the cybersecurity community is up against. However, on closer inspection, this claim does not appear to be as impactful as the threat group are making out."
Acin further explained the possible motivation behind USDoD's claim, suggesting that threat groups often exaggerate their actions to bolster their reputation within cybercrime communities and underground marketplaces. "Claiming to have breached a big player in the cybersecurity industry like CrowdStrike helps get their own name out there," he added.
This is not the first time USDoD has been associated with significant data leaks. In 2023, they claimed responsibility for uploading a 3GB database containing the personally identifiable information of 58,505 individuals from TransUnion.
As the cybersecurity community assesses the veracity and impact of this alleged leak, the incident serves as a reminder of the complex and often opaque nature of information within cybercrime forums. Whether this claim will have broader implications remains to be seen, but for now, the consensus appears to be one of skepticism.