A hacker group claimed to have gained access to CrowdStrike’s internal systems, showing screenshots to verify their access. While they claimed to have gained access by leveraging information from a separate breach, CrowdStrike fired a “suspicious insider” who shared pictures of their computer screen externally and has announced that their systems were never compromised. While the attackers claimed to have received SSO authentication cookies from the insider, CrowdStrike says that they had already discovered the insider and removed all access by that time.

While many breaches come from stolen credentials or phishing attacks, criminal gangs will also sometimes work with insiders to gain access to internal resources. This underscores the myriad of ways attackers use to gain access to systems and information and how organizations must be vigilant to prevent and catch such threats. CrowdStrike has provided the discovered information to law enforcement agencies.