This article discusses a widespread credential theft campaign that targeted Salesforce instances through the Salesloft Drift platform, affecting organizations like Palo Alto Networks and Zscaler. It highlights the rise in supply chain attacks and the importance of strong security practices to prevent data exfiltration. #Salesloft #UNC6395
Key points
- Salesloft reported a campaign exploiting OAuth credentials from August 8 to 18 to exfiltrate data from Salesforce instances.
- The threat actor, UNC6395, focused on stealing sensitive data such as AWS access keys, passwords, and Snowflake tokens.
- Palo Alto Networks and Zscaler confirmed they were affected by the supply chain attack, with limited data exposure.
- Salesforce removed the Drift application from the AppExchange to investigate the incident further.
- Supply chain attacks have doubled in recent months, emphasizing the need for enhanced third-party security measures.