Do you use salesfors in your business? If so, you want to look out for a new fishing attack in which hackers aim to steal your salesforce data.
One in Blog post published on WednesdayGoogle’s Threat Intelligence Group wishs how attackers are using Vishing, or Voice Fishing, to provide employees to provide access to salesforce records. The target is to steal a large amount of confidential data in an attempt to remove the victims. It works like this.
Also: Clicked on a fishing link? To protect your accounts immediately to take 7 steps
The cyber criminal behind the campaign calls an unheard employee in a targeted business, implementing IT support personnel. During the call, the employee is instructed to go to an alleged salesforce setup page, where they are asked to download and install an application called salesforce data loader.
Data loader app is real And by connecting to the internal database, salesforce records are used to import, export or replace. But the version on the web page is a modified and controlled by the attackers.
Once the app is installed and connected, hackers can use, query and export sensitive salesforce records for their own devious purposes. Data exfIs usually occur immediately after receiving access by the group.
In some cases, the offender employee asks users for credentials and multi-factor authentication code, through which they can export salesforce data. The attackers use Mullvad VPN IP addresses to reach the SAlesforce atmosphere.
Also: 7 password rules security experts live in 2025 – final can surprise you
They will also sign in with the user names and passwords captured through credential harvesting or wishing. Armed with credentials, they can later move through a network where they capture data from other cloud-based platforms including Microsoft 365 and OKTA.
In its post, Google recognized the group behind the attack as UnC6040, which specializes in Voice Fishing as a form of social engineering. But UnC6040 cannot work alone.
For several months of the initial attack, the real occurs until often occurs. It can point to another cyber crime group, whose role is to mudge access to data according to Google. UNC6040 has also claimed to work with Hacking Group Shinoors to pressurize its victims to pay their victims.
Also: Is your Asus router part of a botnet? How to check – and what you can do
In addition, Google’s danger intelligence researchers have discovered other attacks similar to those staged by UNC6040. All these share some strategy, techniques and processes (TTPs), such as IT support in a wishing scam, targeting OCTA credentials and focusing on English speaking users in multinational companies. Dubbing this loose collective “The Com”, Google admitted that these similarities may mean that the attackers are working in the same community rather than joining the forces directly.
It is also important to note that the attacks do not stems from any weaknesses in salesforce or other cloud-based services. Rather, criminals take advantage of a familiar and always reliable social engineering strategy. In these cases, employees voluntarily apply a reliable or official entity to request an unknown collar requests. Despite all the staff warnings and training about fishing and vision, scammers know that they can still find someone who will take fodder.
Salesforce spokesperson said in a statement by ZDNET, “Salesforce has an enterprise-grade security manufactured in every part of our platform, and there is no indication on the issue that any degeneration has been described with any vulnerability inherent for our services.” “Attacks like Voice Fishing are targeted by social engineering scams designed to take advantage of intervals in cyber security awareness and best practices of individual users.
Both Google And Sales force Suggest for the protection of your data from these types of scams. These include allowing users only to allow the necessary permission for their roles, manage access to connected applications, apply multi-factor authentication, set up a limited range of reliable IP addresses for login, looking at available safety equipment. Salesforce shieldAnd add a specific safety contact to your organization.
Get top stories of morning with us in your inbox every day Tech Today Newsletter.
