The cybersecurity company CrowdStrike said Wednesday evening that some of the company’s private information on the hackers it tracks had been posted online, and that the hacker behind the leak has threatened to release information that’s even more sensitive.
Crowdstrike is one of the top cybersecurity companies in the U.S., hunting and monitoring hacker groups in an effort to keep clients’ computer systems safe.
The information in the leak echoes data that CrowdStrike has released publicly. It lists 244 notable hacker groups with the month and year they were last seen; whether they are retired, active or inactive; their country of origin; how many industries they have targeted; how many countries they have targeted; and whether they are hacktivists, cybercriminals or working for a government.
But the hacker also claimed to have stolen a list of “Indicators of Compromise,” which include the digital evidence that cybersecurity experts comb through to trace a hacker group’s handiwork. Hackers routinely threaten to leak private files and post samples they claim are evidence, often either exaggerating or lying about what they’ve found. It is unusual, however, for a major cybersecurity company to publicly acknowledge such a claim without refuting it.
The identity of the hacker or hacker group, which uses the name USDoD, is unknown, and they may be an operation run by multiple people. They posted the internal database Wednesday on BreachForums, the most prominent English-language hacker forum.
CrowdStrike, one of the top cybersecurity companies in the U.S., noted in a blog post that the list was already available to “tens of thousands of customers, partners and prospects — and hundreds of thousands of users.”
CrowdStrike’s announcement comes just days after the company took responsibility for one of the worst mass computer crashes in history, when a routine, automatic software update accidentally included a coding error that crashed an estimated 8.5 million Windows computers. Many needed to be tediously fixed by hand, and the resulting chaos affected everything from Paris Olympics ticketing, hospitals and airlines around the world, particularly Delta flights.
It did not appear that the widespread glitch was related to the leak of its information, and CrowdStrike noted: “Adversaries exploit current events for attention and gain.”
The leaked database is current as of June, but CrowdStrike said it was updated in July, indicating it was stolen last month.
,
