CrowdStrike’s situation is deteriorating. While most affected systems are back online, a hacktivist group has posted some of the company’s private information on BreachForums, the leading English-language hacker forum. The hacker, allegedly linked to USDoD, threatens to release even more sensitive data. The stolen information includes CrowdStrike’s list of 244 notable hacker groups, detailing their aliases, last active dates, origin, target industries, motivations, and actor types. The hacker also claims to have obtained “Indicators of Compromise” used by cybersecurity experts to identify attack methods.
CrowdStrike’s blog post reveals that the “Last Active” dates in the leaked data end in June, whereas the Falcon portal’s most recent last-active date is July 2024, suggesting the breach occurred last month. The hacker further claims to have breached an oil company and a pharmaceutical company, though it’s unclear whether this claim is related to the CrowdStrike data.
This incident comes on the heels of a significant operating system outage caused by a defect in CrowdStrike’s Falcon content update. The outage impacted various industries, including health, judicial, retail, and finance, with airlines facing the most severe disruption. Southwest Airlines escaped the outage due to its use of an older Windows version, while Delta Air Lines experienced numerous cancellations, leading to a federal investigation. This recent breach adds to CrowdStrike’s challenges, raising concerns about the security of its platform and its ability to protect its clients from cyberattacks.