CrowdStrike catches insider feeding information to hackers

CrowdStrike identified and terminated an insider who shared screenshots of internal systems with the Scattered Lapsus$ Hunters threat group. The hackers claim they agreed to pay $25,000 for network access and received SSO authentication cookies, but CrowdStrike detected the activity and shut down access before any systems were compromised. The company confirmed no customer data was affected and has referred the case to law enforcement. This incident involves the same threat collective responsible for recent Salesforce breaches affecting major companies like Google, Cisco, and Jaguar Land Rover.