The threat actor known as USDoD, infamous for leaking sensitive information from major databases including those of Airbus, TransUnion, and the US Environmental Agency, has resurfaced in the news. On July 25, 2024, USDoD released a portion of a dataset related to threat intelligence compiled by CrowdStrike, the Florida-based cybersecurity firm.
The leaked information was posted on a data breach forum and included a link shared with CrowdStrike’s partners and some of its clients. Following the breach, CrowdStrike confirmed the authenticity of the leaked data and stated that it would provide further details after a thorough investigation.
The released data encompasses various aspects of threat actors, such as their status, country of origin, last active dates, targeted industries, the nationalities of their victims, and any state-sponsored intelligence linked to them.
The timing of this leak is notable, coming exactly one week after CrowdStrike faced a significant IT crisis involving Windows operating systems worldwide, caused by a bug in its Falcon Sensors. Analysts suggest that USDoD might have released this information either to gain notoriety or to damage CrowdStrike’s reputation, which has already been impacted by the global IT outage experienced by Microsoft on July 18-19, 2024.
Typically, such Indicators of Compromise (IOCs) are used to estimate or predict the attack strategies of threat actors. USDoD has indicated that more information will be released by the end of the month but has not made any demands, suggesting that this initial leak may simply be a precursor to further revelations.