---
title: "CrowdStrike confirms insider shared screenshots with hackers"
id: "3793"
type: "post"
slug: "crowdstrike-confirms-insider-shared-screenshots-with-hackers"
published_at: "2025-11-24T21:31:39+00:00"
modified_at: "2026-03-26T10:51:39+00:00"
url: "https://cyberixsafe.com/crowdstrike-confirms-insider-shared-screenshots-with-hackers/"
markdown_url: "https://cyberixsafe.com/crowdstrike-confirms-insider-shared-screenshots-with-hackers.md"
excerpt: "📅 November 24, 2025 | ⏱ 5 min read | 🔐 Category: Insider Threats CrowdStrike confirms insider shared screenshots with hackers CrowdStrike says it terminated an insider last month after confirming the individual shared screenshots of internal systems that later..."
taxonomy_category:
  - "Uncategorized"
---

# CrowdStrike confirms insider shared screenshots with hackers


📅 November 24, 2025 | ⏱ 5 min read | 🔐 Category: Insider Threats


CrowdStrike says it terminated an insider last month after confirming the individual shared screenshots of internal systems that later appeared on a Telegram channel under the Scattered Lapsus$ Hunters banner. The company reports no breach of its environment, no customer impact, and that the case has been handed to law enforcement.

Threat actors affiliated with ShinyHunters claim they offered the insider about $25,000 and received SSO cookies, but say the account was disabled before any meaningful use. They also boasted about trying to purchase internal reports related to their own operations. These are adversary assertions and remain unverified. The screenshots posted appear to show internal dashboards and links, including identity access points, which can be useful for reconnaissance even if they don’t grant direct access.

This incident lands amid broader claims tied to the same ecosystem, including Salesforce-targeting activity and a pivot toward a ransomware-as-a-service (RaaS) model they’ve branded themselves. The group has circulated long lists of alleged victims; some named organizations have pushed back. For example, DocuSign said it found no indication of compromise following its review and disabled Gainsight integrations as a precaution. Expect more denials or confirmations as investigations conclude.

The practical takeaway is straightforward. Treat internal UI context as sensitive, because it lowers the cost of targeted social engineering and token theft. Keep session lifetimes tight, bind tokens to device posture and network context, and alert on unusual cookie reuse or sudden MFA fatigue. Require managed devices for SSO access where feasible, apply step-up auth on risky signals, and move admin access to just‑in‑time elevation with full audit trails. For SaaS, right-size OAuth scopes for every connected app, keep an inventory, and be ready to revoke tokens and temporarily disable low-confidence integrations quickly.
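As an added illustration of the "alert on unusual cookie reuse or sudden MFA fatigue" advice (example code written for this page, not CrowdStrike's or any vendor's detection logic), the sketch below runs both checks over constructed SSO events. The event field names, the threshold of three unapproved pushes and the five-minute window are assumptions to adapt to your identity provider's logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, ASNs are documentation-range.
EVENTS = [
    {"ts": "2025-11-01T09:00:00", "user": "alice", "type": "session_use", "session": "s-100", "device": "dev-A", "asn": 64500},
    {"ts": "2025-11-01T09:05:00", "user": "alice", "type": "session_use", "session": "s-100", "device": "dev-A", "asn": 64500},
    {"ts": "2025-11-01T09:07:00", "user": "alice", "type": "session_use", "session": "s-100", "device": "dev-Z", "asn": 64511},
    {"ts": "2025-11-01T09:10:00", "user": "carol", "type": "session_use", "session": "s-200", "device": "dev-C", "asn": 64501},
    {"ts": "2025-11-01T10:00:00", "user": "bob", "type": "mfa_push", "result": "denied"},
    {"ts": "2025-11-01T10:00:40", "user": "bob", "type": "mfa_push", "result": "timeout"},
    {"ts": "2025-11-01T10:01:20", "user": "bob", "type": "mfa_push", "result": "denied"},
    {"ts": "2025-11-01T10:02:00", "user": "bob", "type": "mfa_push", "result": "approved"},
    {"ts": "2025-11-01T11:00:00", "user": "dave", "type": "mfa_push", "result": "denied"},
    {"ts": "2025-11-01T11:00:30", "user": "dave", "type": "mfa_push", "result": "approved"},
]

def find_cookie_reuse(events):
    """Map each session ID to its contexts when it was presented from more than one."""
    contexts = defaultdict(set)
    for e in events:
        if e["type"] == "session_use":
            contexts[e["session"]].add((e["device"], e["asn"]))
    return {sid: sorted(ctx) for sid, ctx in contexts.items() if len(ctx) > 1}

def find_mfa_fatigue(events, threshold=3, window=timedelta(minutes=5)):
    """Flag users with `threshold` unapproved pushes inside `window`; note if they then approved."""
    pushes = defaultdict(list)
    for e in events:
        if e["type"] == "mfa_push":
            pushes[e["user"]].append((datetime.fromisoformat(e["ts"]), e["result"]))
    findings = {}
    for user, items in pushes.items():
        items.sort()
        rejected = [t for t, r in items if r != "approved"]
        for i in range(len(rejected) - threshold + 1):
            end = rejected[i + threshold - 1]
            if end - rejected[i] > window:
                continue
            # An approval right after a burst is the high-severity case: the user gave in.
            gave_in = any(r == "approved" and end < t <= end + window for t, r in items)
            findings[user] = "burst_then_approved" if gave_in else findings.get(user, "burst")
            if gave_in:
                break
    return findings

if __name__ == "__main__":
    print("cookie reuse:", find_cookie_reuse(EVENTS))
    print("MFA fatigue:", find_mfa_fatigue(EVENTS))
```

A session flagged by the first check is a candidate for immediate revocation and step-up authentication; a `burst_then_approved` finding warrants revoking the resulting session, not just notifying the user.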

**Written by: Logan Elliott**, **Cyberix** ([https://cyberixsafe.com](https://cyberixsafe.com))

Nisar Nikzad

Nisar is a Federal Contracting Expert and Cybersecurity Professional with nearly two decades of experience in Government procurement and Compliance. He is the founder and CEO of Cyberix, where he helps organizations navigate Federal acquisition requirements and cybersecurity challenges through practical, strategic solutions.

