The incident surfaced late Thursday and continued into Friday morning when internal screenshots appeared on a public Telegram channel managed by the threat group known as “Scattered Lapsus$ Hunters.”
This group describes itself as a “supergroup” formed by members of Scattered Spider, LAPSUS$, and ShinyHunters, and posted images claiming they had successfully accessed CrowdStrike’s internal environment.
The leaked images, reviewed by researchers, showed internal dashboards and an Okta Single Sign-On (SSO) panel that employees use to access corporate applications.
The hackers initially claimed these images were proof of a broader compromise resulting from a third-party breach at Gainsight, a customer success platform used by Salesforce clients.
However, investigations revealed that the reality was not a sophisticated technical hack but rather a case of human vulnerability and insider recruitment.
According to CyberSecurity News, reports indicate that the threat actors approached the insider and allegedly offered $25,000 to facilitate access to the network.
While the hacking group claimed to have received authentication cookies that would allow them to bypass security measures, CrowdStrike maintains that its security operations center detected the suspicious activity before any malicious access could be fully established.
The company clarified that the “leak” was actually an employee sharing photographs of their computer screen, rather than a systemic network intrusion or data exfiltration.
CrowdStrike moved quickly to address the claims and reassure its client base. A spokesperson for the company stated that they identified and terminated the suspicious insider last month following an internal investigation.
The investigation determined that the individual had shared pictures of his screen externally, but the company’s systems remained secure.
CrowdStrike emphasized that customers were protected throughout the incident and that the case has since been turned over to relevant law enforcement agencies for further action.
This incident is part of a larger, aggressive campaign by Scattered Lapsus$ Hunters, who have recently targeted major corporations by exploiting third-party vendors.
In October 2025, the group claimed to have exfiltrated nearly 1 billion records from Salesforce customers, listing high-profile victims such as Allianz Life, Qantas, and Stellantis on its data-leak site.
The group’s modus operandi frequently relies on high-pressure social engineering and the recruitment of insiders to bypass perimeter defenses, a tactic that has become increasingly common throughout 2025.
The convergence of sophisticated social engineering techniques with the pooled resources of three major cybercrime gangs represents a significant evolution in the threat landscape facing technology enterprises today.
While CrowdStrike successfully contained this specific insider threat without customer impact, the event highlights the persistent danger posed by recruited employees in high-stakes cybersecurity environments.
Companies are increasingly finding that their strongest technical defenses must be paired with rigorous internal monitoring to detect human-centric vulnerabilities.
The post CrowdStrike Terminates Staff Over Alleged Collaboration with Hackers appeared first on Cyber Security News.