Cybersecurity company CrowdStrike announced that it had terminated an employee after discovering the individual was sharing internal company information with a foreign nation-state-sponsored hacking group. The company’s own security products were credited with detecting the malicious insider activity.
In a public statement, CrowdStrike CISO Shawn Henry disclosed that the company’s internal security team identified anomalous activity in February 2022. The investigation revealed that an employee, who had been hired in June 2021, was exfiltrating proprietary business information and operational data.
Details of the Data Exfiltration
The terminated employee reportedly used a personal cloud storage account and a personal laptop to transfer the data. The information shared with the third-party hacking group included procurement-related documents with pricing information and internal presentations. CrowdStrike confirmed that the exfiltrated data did not include customer data, and no customer accounts were impacted. The company also stated that its corporate network was not breached and that no source code for its Falcon products was shared.
Detection and Corporate Response
The malicious activity was detected by the CrowdStrike Falcon platform’s behavioral analytics, which flagged the anomalous data movement. Once the insider threat was confirmed, CrowdStrike responded immediately: the company fired the employee, initiated legal action against them, and referred the matter to law enforcement for further investigation. The firm’s public disclosure highlighted its zero-trust security model as a critical component in identifying and mitigating the threat from within.