FBI Alert: Two Cybercriminal Groups Are Actively Compromising Salesforce

The FBI and DHS/CISA have issued an alert about cybercriminal groups UNC6040 and UNC6395 targeting Salesforce data through vishing, API exploitation, and compromised OAuth tokens. Organizations are urged to enhance security measures, monitor for suspicious activity, and review indicators of compromise. #UNC6040 #UNC6395 #SalesforceSecurity

Key points

  • Cybercriminal groups UNC6040 and UNC6395 are actively attacking Salesforce platforms.
  • UNC6040 primarily uses vishing campaigns to trick call center employees into revealing credentials.
  • Methods of attack include credential harvesting, API exploitation, and malicious connected apps.
  • UNC6395 exploits compromised OAuth tokens linked to the Salesloft Drift application to exfiltrate data.
  • Organizations are advised to deploy MFA, monitor API activity, and rotate third-party tokens.

Read More: https://securityonline.info/fbi-alert-two-cybercriminal-groups-are-actively-compromising-salesforce/