Google’s Threat Intelligence Group has confirmed a security breach involving one of its corporate Salesforce databases, where hackers stole customer data using advanced voice phishing methods. The cyberattack was part of a broader social engineering campaign targeting several major companies through third-party software.
The group behind the attack has been identified as UNC6040, a financially driven cybercriminal cluster known for vishing (voice phishing) schemes. The attackers impersonated IT support staff and manipulated a Google employee into granting access to the company’s Salesforce system. This allowed them to steal information before their access was revoked.
Google stated that the stolen data consisted of “basic and largely publicly available business information,” including names and contact details of its small and medium-sized business clients. No financial data or passwords were compromised. Google is just one among many organisations impacted by similar attacks. Other companies targeted in this campaign include Chanel, Pandora, Cisco, and subsidiaries of LVMH. These incidents raise serious concerns about the security risks linked to third-party platforms and the interconnected nature of corporate digital systems.
Further investigation by Google revealed that the attackers had initially used Salesforce’s Data Loader tool but later adopted custom Python scripts and accessed systems via TOR IP addresses to evade detection and make tracking difficult. The group, now being monitored under the name UNC6240, has reportedly begun contacting victims months after the breach, threatening to publish the stolen data unless ransoms are paid.
In response to the attacks, Salesforce clarified that its main platform was not compromised. It emphasised that the breaches were not caused by technical flaws but by social engineering tactics that tricked users. Salesforce has advised clients to adopt strict security practices, including enabling multi-factor authentication and regularly reviewing third-party applications connected to their systems.
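The signals described above (a bulk-export tool such as Data Loader, unfamiliar connected applications, and logins from TOR addresses) can be checked against an exported login history. The following is an added example, not code from Google or Salesforce; the CSV column names, application names, user names and IP addresses are all constructed assumptions, and the TOR exit list is a stand-in using documentation ranges.

```python
import csv
import io
import ipaddress

# Constructed sample of a login-history export. Column names are assumed;
# map them to whatever your own export uses.
SAMPLE_LOGINS = """\
LoginTime,Username,SourceIp,Application,Status
2025-06-02T09:14:00Z,alice@example.com,198.51.100.10,Browser,Success
2025-06-02T09:40:00Z,bob@example.com,198.51.100.23,Data Loader,Success
2025-06-02T09:52:00Z,bob@example.com,203.0.113.77,Acme Ticket Hub,Success
2025-06-02T10:05:00Z,carol@example.com,203.0.113.5,Browser,Failed
2025-06-02T10:07:00Z,dave@example.com,192.0.2.44,Acme CRM Sync,Success
"""

# Constructed stand-in for a TOR exit list (documentation range, not real exits).
TOR_EXITS = [ipaddress.ip_network("203.0.113.0/24")]
APPROVED_APPS = {"Browser", "Acme CRM Sync"}   # reviewed connected apps (assumed)
BULK_EXPORT_APPS = {"Data Loader"}             # tools able to pull data in bulk
BULK_EXPORT_USERS = {"alice@example.com"}      # users cleared to run them (assumed)


def review_logins(csv_text):
    """Return (time, user, app, status, reasons) for each login worth a look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        try:
            ip = ipaddress.ip_address(row["SourceIp"].strip())
        except ValueError:
            reasons.append("unparseable-source-ip")
        else:
            if any(ip in net for net in TOR_EXITS):
                reasons.append("tor-exit-source")
        app = row["Application"].strip()
        user = row["Username"].strip().lower()
        if app in BULK_EXPORT_APPS:
            if user not in BULK_EXPORT_USERS:
                reasons.append("bulk-export-by-unexpected-user")
        elif app not in APPROVED_APPS:
            reasons.append("unapproved-connected-app")
        if reasons:
            findings.append((row["LoginTime"], user, app, row["Status"], reasons))
    return findings


if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOGINS):
        print(finding)
```

Failed logins are kept in the findings because a failed attempt from an anonymising network is still a signal worth correlating with later successes.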