Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
CrowdStrike Insider Fired for Providing Sensitive Data to Criminal Hackers


Redazione RHC : 22 November 2025 09:29

In recent months, the insider problem has become increasingly important for large companies, and one recent episode involved CrowdStrike.

The cybersecurity firm has in fact removed an employee believed to have shared confidential information on the company’s internal systems with a group of hackers.

Reviewed by TechCrunch, the screenshots revealed internal dashboards, including an Okta Single Sign-On (SSO) panel that employees used to access company applications.

Although the hackers claimed to have received authentication cookies, CrowdStrike maintains that its security operations center detected the activity before any malicious access could be fully established.

It further reported that the leaked images were the result of an employee sharing images of their screen and not a systemic intrusion into the network.

“Our systems were never compromised, and customers remained protected the entire time. We have forwarded this matter to the appropriate law enforcement,” CrowdStrike spokesperson Kevin Benacci told TechCrunch.

The incident, which came to light late Thursday and early Friday, involved the leak of internal screenshots to a public Telegram channel run by the cybercriminal group known as “Scattered Lapsus$ Hunters.”

The data leaks came to light when Scattered Lapsus$ Hunters (a joint venture of multiple cybercriminal groups) released images that purportedly showed access to CrowdStrike’s internal environment.

[Figure: Scattered Lapsus$ Hunters Breach Overview from 2021 (Source: pushsecurity)]

Criminal hackers claimed these images were evidence of a larger compromise achieved through a third-party breach at Gainsight, a customer success platform used by Salesforce customers.

The reality of the situation seems to point to a human vulnerability rather than a technical flaw. The attackers reportedly attempted to bribe an insider with an offer of $25,000 to gain easier access to the network.

This incident is part of a larger and more aggressive campaign conducted by Scattered Lapsus$ Hunters, who have recently targeted large companies by leveraging third-party providers such as Gainsight and Salesloft.

Recall that as of October 2025, the group claimed to have exfiltrated nearly 1 billion records from Salesforce customers, listing high-profile victims such as Allianz Life, Qantas, and Stellantis on their data leak website.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
