CrowdStrike Confirms Insider Misconduct
American cybersecurity giant CrowdStrike has confirmed that a malicious insider secretly shared screenshots of internal systems with threat actors — including members of ShinyHunters, Scattered Spider, and the Scattered Lapsus$ Hunters.
Importantly, CrowdStrike stated that its systems were never breached and that no customer data was compromised.
🔍 What Happened
- An internal employee leaked screenshots of his CrowdStrike workstation.
- Threat actors claim they paid the insider $25,000 for access and authentication cookies.
- CrowdStrike detected suspicious activity early and terminated the insider’s access immediately.
- The case has been escalated to law enforcement.
🚨 Who’s Behind It?
The screenshots appeared on Telegram channels operated by:
- ShinyHunters
- Scattered Spider
- Lapsus$ / Scattered Lapsus$ Hunters
These groups are involved in:
- The massive Salesforce exploitation campaign
- High-profile breaches targeting Google, Cisco, Qantas, Adidas, Workday, Dior, and others
- Recent transitions to a new ransomware-as-a-service platform: ShinySp1d3r
🛡 What It Means
Although the leak involved an insider, CrowdStrike emphasized:
✔ No infrastructure compromise
✔ No customer impact
✔ Insider removed swiftly
✔ Incident now under criminal investigation
This incident highlights the growing threat of insider-enabled access, particularly as extortion groups continue to evolve toward hybrid phishing, insider recruitment, and SaaS compromise campaigns.

