Google Uncovers Cyber Campaign Targeting Salesforce Users

Google has recently uncovered a sophisticated cyber campaign targeting Salesforce users, where hackers are impersonating IT support personnel to gain unauthorized access to companies' Salesforce tools. The hackers employ voice calls to deceive employees into visiting a fake Salesforce connected app setup page, where they approve an unauthorized, modified version of the app. This tactic allows the hackers to steal sensitive data and extort the affected companies.
The hacking group, identified as UNC6040, has been specifically targeting the Salesforce instances of companies for large-scale data theft and extortion. The group has been using fake Data Loader apps to compromise Salesforce users. The campaign has affected at least 20 companies across various industries, including hospitality and retail.
The hackers' method involves social engineering, where they pose as IT support to obtain login credentials and other sensitive information. Once they have access to the Salesforce tools, they can extract valuable data and use it for extortion purposes. The hackers have been claiming to be part of the ShinyHunters extortion group, adding to the complexity and severity of the threat.
Google's warning highlights the importance of vigilance and security measures in protecting against such attacks. Companies are advised to educate their employees on the risks of social engineering and to implement robust security protocols to prevent unauthorized access to their systems. The incident serves as a reminder of the evolving nature of cyber threats and the need for continuous monitoring and adaptation of security strategies.
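One way to check for the unauthorized connected-app approvals described above, as an added example that is not from Google's report or from Salesforce: it reviews connected-app authorization records against an approved list and separates apps that imitate a trusted name, such as a fake Data Loader, from other unapproved apps. The record fields, app identifiers, allowlist and similarity threshold are hypothetical and constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Hypothetical allowlist of connected apps the organisation has approved
# (identifiers and names are constructed for this example).
APPROVED_APPS = {"APP-0001": "Data Loader", "APP-0002": "Sales Dashboard"}

# Constructed sample of connected-app authorization records.
AUTHORIZATIONS = [
    {"user": "alice@example.com", "app_id": "APP-0001", "app_name": "Data Loader"},
    {"user": "bob@example.com", "app_id": "APP-9001", "app_name": "Support Helper"},
    {"user": "carol@example.com", "app_id": "APP-9002", "app_name": "Data  L0ader"},
    {"user": "dave@example.com", "app_id": "APP-0002", "app_name": "Sales Dashboard"},
]

_LOOKALIKE_DIGITS = str.maketrans("013", "ole")
SIMILARITY_THRESHOLD = 0.8  # assumed cut-off; tune against your own app names


def normalize(name):
    """Lowercase, undo common digit-for-letter swaps, drop everything but a-z."""
    return re.sub(r"[^a-z]", "", name.lower().translate(_LOOKALIKE_DIGITS))


def classify(record):
    """Return 'approved', 'lookalike' or 'unapproved' for one authorization."""
    if record["app_id"] in APPROVED_APPS:
        return "approved"
    candidate = normalize(record["app_name"])
    for approved_name in APPROVED_APPS.values():
        score = SequenceMatcher(None, candidate, normalize(approved_name)).ratio()
        if score >= SIMILARITY_THRESHOLD:
            return "lookalike"  # unknown identifier wearing a trusted name
    return "unapproved"


def audit(records):
    """List (user, app_name, verdict) for every authorization needing review."""
    findings = []
    for record in records:
        verdict = classify(record)
        if verdict != "approved":
            findings.append((record["user"], record["app_name"], verdict))
    return findings


if __name__ == "__main__":
    for user, app_name, verdict in audit(AUTHORIZATIONS):
        print(f"{verdict:10} {app_name!r} authorized by {user}")
```

Matching on the identifier first and the display name second matters here because a modified app can carry a trusted-looking name while having an identifier the organisation never approved.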
