Article Details
Scrape Timestamp (UTC): 2025-11-21 16:52:33.202
Original Article Text
CrowdStrike catches insider feeding information to hackers

American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with unnamed threat actors. However, the company noted that its systems were not breached as a result of this incident and that customers' data was not compromised.

"We identified and terminated a suspicious insider last month following an internal investigation that determined he shared pictures of his computer screen externally," a CrowdStrike spokesperson told BleepingComputer today. "Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies."

CrowdStrike did not specify the threat group responsible for the incident or the motivations of the malicious insider who shared screenshots. However, this statement was provided in response to questions from BleepingComputer regarding screenshots of CrowdStrike systems that were recently posted on Telegram by members of the threat groups ShinyHunters, Scattered Spider, and Lapsus$.

The Scattered Lapsus$ Hunters cybercrime collective

These groups are now collectively calling themselves "Scattered Lapsus$ Hunters" and have previously launched a data-leak site to extort dozens of companies impacted by a massive wave of Salesforce breaches.

Scattered Lapsus$ Hunters have been targeting Salesforce customers in voice phishing attacks since the start of the year, breaching companies such as Google, Cisco, Allianz Life, Farmers Insurance, Qantas, Adidas, and Workday, as well as LVMH subsidiaries, including Dior, Louis Vuitton, and Tiffany & Co.

Companies they attempted to extort include high-profile brands and organizations, such as Google, Cisco, Toyota, Instacart, Cartier, Adidas, Saks Fifth Avenue, Air France & KLM, FedEx, Disney/Hulu, Home Depot, Marriott, Gap, McDonald's, Walgreens, TransUnion, HBO MAX, UPS, Chanel, and IKEA.
Scattered Lapsus$ Hunters also claimed responsibility for the Jaguar Land Rover (JLR) breach, stealing sensitive data and significantly disrupting operations, resulting in damages of over £196 million ($220 million) in the last quarter.

As BleepingComputer reported this week, the ShinyHunters and Scattered Spider extortion groups are switching to a new ransomware-as-a-service platform named ShinySp1d3r, after previously using other ransomware gangs' encryptors in attacks, including ALPHV/BlackCat, RansomHub, Qilin, and DragonForce.
Daily Brief Summary
CrowdStrike confirmed an insider leaked internal system screenshots to unknown threat actors, but no breach of their systems or customer data occurred.
The insider was identified and terminated following an internal investigation, with the case now in the hands of law enforcement.
Screenshots appeared on Telegram, linked to groups like ShinyHunters and Scattered Spider, now operating as "Scattered Lapsus$ Hunters."
These groups have a history of targeting major companies through voice phishing and extortion, impacting brands like Google, Cisco, and LVMH subsidiaries.
The cybercriminal collective claimed responsibility for a significant breach at Jaguar Land Rover, causing over £196 million in damages.
ShinyHunters and Scattered Spider are transitioning to a new ransomware platform, ShinySp1d3r, after using various other ransomware tools.
The incident underscores the ongoing threat of insider risks and the importance of robust internal security measures.