
Cybercriminals Misuse Corrupted Salesforce Software for Data Theft and Blackmail

Malicious actors are employing voice impersonation techniques to deceive chosen businesses into revealing confidential passwords and account details.


In a recent blog post, Salesforce has urged its customers to strengthen their security measures, following reports of targeted attacks by a hacker group known as UNC6040.

UNC6040 has been impersonating IT workers and tricking employees into sharing sensitive credentials, allowing them to gain access to Salesforce instances for months. The attacks, which have been reported by the Google Threat Intelligence Group, also involve the use of an unauthorized, malicious version of the Salesforce Data Loader app for data theft.

The hackers have been able to move laterally within target networks, accessing other cloud services and internal corporate networks. The data thefts were followed by attempts at extortion, further highlighting the malicious intent of these attacks.

Salesforce has advised its customers to enable multifactor authentication, limit access privileges, and restrict login IP addresses to help secure their instances. These measures are aimed at preventing unauthorized access and reducing the risk of data breaches.

It's important to note that there is no indication these attacks are linked to any vulnerability in the Salesforce platform. Instead, they appear to be targeted social engineering scams, exploiting gaps in individual users' cybersecurity awareness and best practices.

While it isn't clear why Salesforce instances are being particularly targeted or how the hackers learned about the Salesforce tool, this incident serves as a reminder for all organisations to maintain vigilance and prioritise cybersecurity.

As always, it's crucial to stay informed about potential threats and to take proactive steps to protect your data and systems. Salesforce encourages its customers to keep their security measures up-to-date and to report any suspicious activity to their security teams.

Stay safe, and remember: cybersecurity is everyone's responsibility.


- Salesforce urges customers to strengthen security measures
- UNC6040 hackers target Salesforce instances for months
- Data thefts followed by extortion attempts
- Attacks likely financially motivated
- No indication of vulnerability in Salesforce platform
- Attacks use voice phishing and a malicious Data Loader app
- Salesforce advises enabling multifactor authentication, limiting access privileges, and restricting login IP addresses
- Attacks are targeted social engineering scams
- Why Salesforce instances are being targeted and how hackers learned about the tool remains unclear
- Stay informed and prioritise cybersecurity
- Cybersecurity is everyone's responsibility
