CrowdStrike Investigates Insider Threat Incident

Cybersecurity firm CrowdStrike is actively investigating an insider threat incident after a threat actor posted screenshots of the company’s internal systems on a hacking forum. Despite the leak, CrowdStrike has stated that there has been no breach of its systems and no impact on customer data or environments. The incident came to light when a threat actor named ‘Boro,’ associated with the group ‘Kritec,’ made claims on the XSS hacking forum of having access to CrowdStrike’s Falcon platform, customer data, and source code.

As proof of their claims, the threat actor published screenshots. These images displayed what appeared to be CrowdStrike’s internal systems, including a list of customers and tools related to the Falcon platform. The threat actor also threatened to sell the data if CrowdStrike did not pay a ransom.

Official Response and Employee Termination

CrowdStrike’s Chief Information Security Officer (CISO), Adam Meyers, publicly addressed the situation. He confirmed that the company’s investigation determined the screenshots were shared by a CrowdStrike sales employee. In response, the company immediately revoked the employee’s access to its systems, and the individual is no longer employed by CrowdStrike.

Meyers further clarified the nature of the leaked information. He confirmed the screenshots were legitimate but emphasized that they showed directory listings and file names from a non-production SharePoint environment. The CISO stated that there is no evidence to suggest that sensitive data, source code, or customer information was exfiltrated. The investigation affirmed that there was no breach and no impact on customer environments.

Source: https://securityaffairs.com/184926/security/crowdstrike-denies-breach-after-insider-sent-internal-screenshots-to-hackers.html