The FBI has issued a warning about cybercriminal groups UNC6040 and UNC6395 targeting Salesforce platforms for data theft and extortion, using techniques like social engineering and compromised OAuth tokens. Organizations are advised to implement strong security measures, such as MFA, regular credential rotation, and monitoring API activity.
Key points
- Cybercriminal groups UNC6040 and UNC6395 are increasingly attacking Salesforce systems for data theft and extortion.
- UNC6040 has used vishing, social engineering, and modified apps to access Salesforce data since October 2024.
- UNC6395 has exploited compromised OAuth tokens for the Salesloft Drift app to exfiltrate data.
- The FBI recommends enforcing MFA, reviewing third-party integrations, and monitoring API activity as cybersecurity measures.
- Organizations should regularly rotate API keys and credentials to mitigate the risk of targeted attacks.