Mandiant reveals a sophisticated voice phishing campaign targeting Salesforce accounts, alongside a growing trend of malware-based credential theft by Infostealers like Azorult and Lumma. These tactics enable long-term, covert access to critical business data, emphasizing the importance of layered cybersecurity defenses. #Mandiant #HudsonRock #SalesforceBreaches
Key points
- Threat actors are using social engineering and voice phishing to access Salesforce accounts.
- Infostealer malware can harvest credentials and session cookies for long-term access without immediate detection.
- The Coca-Cola breach in 2025 was likely facilitated by previous Infostealer infections dating back to 2020.
- Breaches at Tiffany and Adidas highlight the ongoing risk that malware infections at vendors and among employees pose to Salesforce accounts.
- Organizations should implement multi-layered protections, including MFA, credential monitoring, and endpoint detection systems.