Once upon a time in cyberspace, the Texas-based cybersecurity titan CrowdStrike discovered a mole deep inside its fortress.
An insider was caught playing double agent, feeding juicy internal details to a hyperactive hacking collective known as Scattered Lapsus$ Hunters.
This digital cabal bragged about infiltrating systems tied to Salesforce connections, primarily through a third-party called Gainsight.
The Betrayal
CrowdStrike didn’t waste time. The guilty employee was promptly booted after investigators confirmed he had been clandestinely sharing screenshots of sensitive company dashboards, including the very keys employees use to enter the kingdom’s most guarded apps.
All this leaked intel landed on Telegram, where Scattered Lapsus$ Hunters spread the spoils like a digital Robin Hood gang.
CrowdStrike’s Damage Control
CrowdStrike’s spokesperson Kevin Benacci reassured us mere mortals that the company’s systems were never directly hacked.
The breach was an insider blunder, not a cyber siege. CrowdStrike claims the mole’s screen sharing was unauthorized and insists customer data stayed out of harm’s way.
The ball got passed to law enforcement as the firm fast-tracked the insider’s expulsion.
Salesforce and Gainsight in the Crossfire
The ripple effect hit Salesforce, which admitted that a data breach impacted some customers via Gainsight’s customer support and analytics applications.
Google’s Threat Intelligence squad revealed over 200 Salesforce instances might be at risk.
The hacker gang’s bragging only grew louder: they claimed to have rocked several big-name corporate fortresses and promised that an extortion website would drop soon.
Meet Scattered Lapsus$ Hunters
This digital Hydra is a fusion of English-speaking hacker factions: ShinyHunters, Scattered Spider, and the original Lapsus$.
Their weapon of choice? Social engineering, tricking employees into handing over login details or approving sneaky authentication requests.
They proclaimed that they had stolen over a billion records from Salesforce users, leaking treasure troves from companies like Allianz Life, Qantas, Stellantis, TransUnion, and others.
What’s Next?
The hackers have promised a new extortion site that will flood the web with stolen Salesloft and Gainsight data.
CrowdStrike doubles down on security, Gainsight pulls back apps from marketplaces, and Salesforce warns customers to look out for suspicious activity. Brave new world.
Cryptocurrency and Web3 expert, founder of Kriptoworld
With years of experience covering the blockchain space, András delivers insightful reporting on DeFi, tokenization, altcoins, and crypto regulations shaping the digital economy.



