Hackread reports that widely known threat actor USDoD has exposed a 103,000-line CrowdStrike indicator of compromise list on Breach Forums, following the hacker's claims of exfiltrating the U.S. cybersecurity firm's complete threat actor list last week.
Aside from featuring several hash types associated with the Mispadu malware, the leaked 53 MB CSV file also included information connected to the threat actor SAMBASPIDER, kill chain phases, threat types, confidence levels, and MITRE ATT&CK techniques, reported Hackread researchers.
Meanwhile, CrowdStrike noted the information included in the exposed dataset had "LastActive" dates not later than June.
"…[H]owever, the Falcon portal's last active dates for some of the referenced actors are as recent as July 2024, suggesting when the actor potentially obtained the information," said CrowdStrike, which also noted USDoD's propensity to overstate its hacking assertions.
Such a development comes after a botched update for the CrowdStrike Falcon platform resulted in a widespread global IT outage that impacted 8.5 million Windows machines worldwide.