SecurityWeek

CrowdStrike Insider Helped Hackers Falsely Claim System Breach

The company has confirmed that it terminated an insider who shared screenshots of his computer with cybercriminals.

Cybersecurity firm CrowdStrike has fired an insider caught selling screenshots of their computer to cybercriminals.

The screenshots, which were posted by the financially motivated hacking group Scattered Lapsus$ Hunters on its Telegram channel, show the company’s dashboards, including a link to an Okta Single Sign-On (SSO) panel.

The hackers initially claimed that the screenshots were proof that they had gained access to CrowdStrike’s systems through the exploitation of Gainsight, a third-party vendor typically used for customer management.

Last week, the threat actors said they compromised numerous Salesforce customers through their Gainsight integrations, and Salesforce disconnected Gainsight-published applications from its platform.

In a statement to SecurityWeek, CrowdStrike denied being compromised and confirmed that an ‘insider’ was responsible for the leak.

“We identified and terminated a suspicious insider last month following an internal investigation that determined he shared pictures of his computer screen externally,” a company spokesperson said.

“Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies,” the representative added.

It’s unclear whether the insider is an employee, contractor, consultant, or business partner with authorized access to the company’s internal systems.

Scattered Lapsus$ Hunters reportedly claimed to have paid $25,000 to the CrowdStrike insider for the leaked data, for access to the company’s systems, and for authentication cookies.

The threat actor recently claimed more than 1,000 victims across multiple data theft campaigns targeting Salesforce customers, including high-profile brands and cybersecurity companies.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
