The FBI has issued a FLASH alert warning that the cyber threat groups UNC6040 and UNC6395 are targeting Salesforce environments through different attack vectors, including social engineering and OAuth token theft. These campaigns have resulted in significant data breaches across major organizations, with the attackers aiming to exfiltrate sensitive customer and corporate information and extort the victims.
#UNC6040 #UNC6395 #ShinyHunters #Lapsus #SalesforceSecurity
Key points
- Threat clusters UNC6040 and UNC6395 are targeting Salesforce platforms to steal data and extort victims.
- Cybercriminals use social engineering, vishing, and OAuth token theft to gain initial access.
- Major companies such as Google, Adidas, and Louis Vuitton have been affected by these attacks.
- The attackers exfiltrate sensitive data including customer information, credentials, and cloud secrets.
- The threat groups are linked to each other and have claimed to have accessed FBI and Google law enforcement systems.