Researchers from Google have uncovered a cybercriminal campaign by UNC6040, known as “The Com,” that uses social engineering to abuse Salesforce’s Data Loader tool and exfiltrate sensitive data from multiple organizations. The group’s tactics include impersonation over the phone and getting employees to install modified apps, with targets in sectors across the Americas and Europe. #UNC6040 #TheCom
Keypoints
- UNC6040 is exploiting legitimate Salesforce tools via social engineering to gain access.
- The campaign involves impersonating IT support and tricking employees into installing malicious apps.
- Attackers often exfiltrate data from Salesforce and then move laterally to other cloud services.
- Google indicates the campaign relies on targeted manipulation of users, not on a flaw in Salesforce’s systems.
- Extortion demands may follow prolonged periods of data access, and victims may face further pressure in the future.
Read More: https://therecord.media/google-warns-cybercriminals-targeting-salesforce-apps