Google has revealed that one of its corporate Salesforce instances was targeted by threat actors, likely from the group tracked as UNC6040. This attack appears to be part of a larger campaign affecting several major companies.
The hackers obtained sensitive information, including contact details for small and medium businesses. Analysis showed that the data retrieved during the breach was limited to publicly available business information.
Google first warned of UNC6040’s threat in June, linking it to Scattered Spider and ShinyHunters. The attack on Google’s Salesforce instance has been linked to ShinyHunters, which is believed to be involved in extortion attempts.
Victims of the campaign receive calls or emails demanding payment in bitcoin within 72 hours. Thieves claim to be from ShinyHunters and may soon launch a data leak site (DLS) to pressure victims further.
Recent breaches at Adidas, Allianz Life, Cisco, Dior, Louis Vuitton, and Pandora have been linked to the same Salesforce hacking campaign. The attacks are not exploiting any vulnerabilities in Salesforce’s platform but rather using sophisticated phishing tactics.
Law enforcement has made arrests of alleged members from both ShinyHunters and Scattered Spider over the past year, suggesting that the group is being dismantled.
Source: https://www.securityweek.com/google-discloses-salesforce-hack