CrowdStrike fires ‘suspicious insider’ who passed information to hackers

In a significant security breach, CrowdStrike, a leading cybersecurity firm, has reported the termination of an employee suspected of leaking sensitive information to a notorious hacker group. This action took place last month, triggered by allegations that the insider provided access details to the Scattered Lapsus$ Hunters, a collective known for its aggressive cyber tactics. Screenshots were shared on a public Telegram channel by the hacking group, purportedly showcasing unauthorized access to CrowdStrike's internal systems. TechCrunch has verified these images, which include links to various company resources and an employee's Okta dashboard, commonly used for accessing internal applications. The hackers claimed their entry into CrowdStrike originated from a recent breach at Gainsight, a customer relationship management platform that services Salesforce customers. They asserted that they exploited stolen information from Gainsight to infiltrate CrowdStrike's systems. However, CrowdStrike has firmly rejected these claims, emphasizing that their systems were not compromised. The spokesperson, Kevin Benacci, clarified that the company acted swiftly to revoke the insider's access upon discovering that he had shared images of his monitor externally. "Our systems were never compromised, and customers remained protected throughout this incident. We have handed the matter over to the appropriate law enforcement authorities," Benacci stated. This incident is part of a broader campaign, as multiple tech companies have reportedly been targeted under similar circumstances. The Scattered Lapsus$ Hunters group, which comprises various hacking factions including ShinyHunters and Scattered Spider, is known for employing social engineering strategies to deceive employees into granting system access. Just last month, the group boasted about acquiring over a billion records from major corporations that utilize Salesforce for customer data management, creating a data leak site that listed numerous victims, including Allianz Life, Qantas, Stellantis, TransUnion, and Workday.