Why do experts say that this attack cannot be called a "hack"?
CrowdStrike, a recognized leader in cybersecurity, was affected by a leak for which the USDoD hacker group claimed responsibility. According to the attackers, they managed to get a complete internal list of CrowdStrike threats, including indicators of compromise (IoCs). The document contains 250 million records about various hacker groups.
In a blog post dated July 25, 2024, the company confirmed the hackers' claims. USDoD posted a link to download the alleged list of threats and provided sample data on the well-known hacker forum BreachForums.
The situation is unfolding against the background of the recent global IT outage on July 19, caused by an error in a content update for the CrowdStrike Falcon platform. As a result, key sectors were severely disrupted, including aviation, banking, media and healthcare.
According to representatives of CrowdStrike, the sample published by USDoD contains the following information:
- Aliases of intruders
- Countries of origin
- Description of threats
- Last activity dates
- Confidence levels
- Threat classifications
The company also stressed that this cyber threat information is already available to many of its trusted customers and partners, as well as potential customers and hundreds of thousands of users, but is not publicly available.
The leaked sample contains "last activity" dates no later than June 2024. However, in the Falcon system, the last activity dates of some of the mentioned attackers are marked July 2024. This means that the systems were hacked quite recently.
USDoD also claims to have taken possession of the full list of CrowdStrike indicators of compromise and plans to publish it soon. Usually, experts use these indicators to determine the methods used by hackers in attacks.
In an interview with Infosecurity Magazine, CrowdStrike emphasized that even if the attackers' claims are true, this is not hacking in the classical sense of the word:
"There was no CrowdStrike hack. This cyber threat data is available to thousands of our customers and partners."
According to CrowdStrike, the USDoD group has been active since at least 2020 and carries out both hacktivist and financially motivated attacks. In the past two years, hackers have focused on targeted operations to break into the systems of large companies. Social engineering techniques are mainly used for this purpose.
In September 2023, USDoD reported stealing personal data from the credit agency TransUnion and, in the same month, hacking data from Airbus.
CrowdStrike also notes that USDoD tends to exaggerate its claims, possibly seeking to increase its credibility in hacktivist and cybercrime circles.
Experts recommend that organizations strengthen security measures and closely monitor the situation, as leaks of cyber threat data can lead to new attacks and the exploitation of vulnerabilities.