FBI Shares IoCs for Recent Salesforce Intrusion Campaigns

The FBI has issued alerts about two malicious campaigns targeting Salesforce, involving data theft and extortion by threat actors UNC6040 and UNC6395. Organizations are advised to enhance security measures, including multi-factor authentication and monitoring third-party integrations. #UNC6040 #UNC6395 #SalesforceSecurity

Keypoints

The first campaign uses vishing to trick employees into granting access to Salesforce data.
Attackers guide victims to approve a modified Salesforce Data Loader application for data exfiltration.
Cybercriminals send extortion demands threatening to release stolen information unless paid in cryptocurrency.
The second campaign exploited OAuth tokens via Salesforce-Salesloft integration, impacting over 700 organizations.
Recommendations include implementing phishing-resistant MFA, monitoring logs, and vetting third-party integrations.

SHARE THIS STORY

WhatsApp X (Twitter)Telegram Bluesky Facebook LinkedIn Threads Email Print