Google reports a breach of a Salesforce database managed by Google, exploited by the ShinyHunters group through social engineering and vishing tactics. The attackers primarily accessed publicly available business information and pose ongoing extortion threats using stolen data. #ShinyHunters #UNC6040
Keypoints
- The breach was caused by social engineering, specifically voice phishing, rather than a Salesforce vulnerability.
- Attackers used malicious applications disguised under legitimate names to exfiltrate data from Salesforce.
- Following the initial breach, a related group is engaged in extortion, demanding Bitcoin payments and threatening data leaks.
- Threat actors targeted IT staff and employed compromised third-party accounts to increase operational security.
- The incident underscores the importance of user vigilance, multifactor authentication, and robust access controls in cloud security.
Read More: https://thecyberexpress.com/google-salesforce-breach-by-unc6040-group/