Cybersecurity firm CrowdStrike has confirmed the termination of an employee last month, identified as a "suspicious insider," for allegedly sharing company information with a prominent hacking collective. This development follows claims from the group, Scattered Lapsus$ Hunters, who published screenshots purportedly showing internal access to CrowdStrike systems.
The collective released the screenshots late Thursday and Friday morning via a public Telegram channel. The images allegedly depicted insider access to CrowdStrike's systems, including dashboards with links to internal company resources and an employee's Okta dashboard for application access.
Scattered Lapsus$ Hunters asserted they compromised CrowdStrike by exploiting a recent breach at Gainsight, a customer relationship management (CRM) company. Gainsight assists Salesforce clients in managing customer data. The hackers claimed to have leveraged information pilfered from the Gainsight incident to gain entry into CrowdStrike's environment.
CrowdStrike, however, vehemently denies the hackers' claims of a system compromise. According to the cybersecurity firm, the insider's access was terminated after it was discovered that he "shared pictures of his computer screen externally." Kevin Benacci, a CrowdStrike spokesperson, told TechCrunch:
"Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies."
This incident is reportedly part of a broader campaign that has allegedly targeted several other technology companies. Gainsight did not provide a comment to TechCrunch regarding the claims.
Scattered Lapsus$ Hunters is a collective comprising various hacking groups, including ShinyHunters, Scattered Spider, and Lapsus$. Members of this group are known for employing social engineering tactics to manipulate employees into granting unauthorized access to corporate systems or databases.
The Scattered Lapsus$ Hunters have a history of high-profile cyberattacks. In October, the group asserted they had stolen over a billion records from major corporations utilizing Salesforce for customer data hosting. They subsequently launched a data leak site, enumerating stolen data from entities such as insurance giant Allianz Life, the airline Qantas, automaker Stellantis, credit bureau TransUnion, and the employee management platform Workday, among others.