
CrowdStrike, a leading player in the cybersecurity sector, recently terminated the employment of an insider alleged to have leaked confidential information. The action was taken after a cybercriminal group claimed to have accessed CrowdStrike’s internal systems. This breach occurred amid rising concerns over insider threats within the cybersecurity landscape.
On Thursday and Friday morning, a group known as Scattered Lapsus$ Hunters shared what they claimed were screenshots of internal CrowdStrike dashboards via a public Telegram channel. Among the disseminated images was a screenshot resembling a user’s dashboard in Okta, the identity management tool employed by CrowdStrike staff to access internal applications.
The hackers contended that their access stemmed from a separate breach at Gainsight, which collaborates with organizations like Salesforce. They asserted that data taken from Gainsight facilitated their infiltration into CrowdStrike’s systems. However, CrowdStrike has firmly refuted these allegations, asserting that no external hacking took place.
A spokesperson for CrowdStrike, Kevin Benacci, clarified that the dismissed employee had only shared photographs of his computer screen and emphasized that the company’s systems and customer data remained secure. “Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies,” Benacci stated in an interview with TechCrunch.
CrowdStrike characterized the claims made by Scattered Lapsus$ Hunters as unfounded and highlighted its swift action in terminating the insider’s access upon identifying the breach of policy. The group has previously claimed responsibility for multiple data breaches affecting various technology companies. Despite inquiries from media outlets, Gainsight has yet to comment on the situation.
The collective Scattered Lapsus$ Hunters consists of notorious hacker factions, including ShinyHunters, Scattered Spider, and Lapsus$. These groups are known for deploying aggressive social engineering tactics to penetrate corporate networks, often manipulating employees into revealing their credentials.
Recently, the group claimed to have exfiltrated over a billion customer records from companies utilizing Salesforce infrastructure, listing compromised information from various organizations like Allianz Life, Qantas, and Workday. This incident highlights an alarming trend of insider threats, even in companies dedicated to cybersecurity solutions.
The situation underscores the necessity of vigilance against both external and internal threats and serves as a reminder that even organizations primarily focused on threat prevention are not immune to breaches. As businesses increasingly rely on digital infrastructures, the risks associated with insider actions must be carefully managed to safeguard sensitive information and maintain stakeholder trust.
