#unc6040 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #unc6040, aggregated by home.social.
-
#Salesforce-Datenklau: Cybergangs erpressen namhafte Unternehmen auf Leaksite | heise online https://www.heise.de/news/Salesforce-Datenklau-Cybergangs-erpressen-namhafte-Unternehmen-auf-Leaksite-10726346.html #Datenschutz #privacy #DataLeak #Datenleck #SocialEngineering #ScatteredSpider #ScatteredLapsusHunters #ShinyHunters #Lapsus #unc6040
-
#Salesforce says it won’t pay #extortion demand in 1 billion records #breach
The threat group behind the campaign is calling itself #ScatteredLAPSUS$ Hunters, a mashup of three prolific data-extortion actors: #ScatteredSpider , #LAPSuS$ , and #ShinyHunters. #Mandiant, meanwhile, tracks the group as #UNC6040, because the researchers so far have been unable to positively identify the connections.
#privacy #security -
ShinyHunters Wage Broad Corporate Extortion Spree https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/ #ScatteredLAPSUS$Hunters #OracleEBusinessSuite #Ne'er-Do-WellNews #CharlesCarmichael #CrimsonCollective #ALittleSunshine #LatestWarnings #TheComingStorm #AustinLarsen #CVE202561882 #ShinyHunters #Ransomware #Salesforce #Salesloft #ASYNCRAT #UNC6040 #UNC6395
-
ShinyHunters Wage Broad Corporate Extortion Spree https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/ #ScatteredLAPSUS$Hunters #OracleEBusinessSuite #Ne'er-Do-WellNews #CharlesCarmichael #CrimsonCollective #ALittleSunshine #LatestWarnings #TheComingStorm #AustinLarsen #CVE202561882 #ShinyHunters #Ransomware #Salesforce #Salesloft #ASYNCRAT #UNC6040 #UNC6395
-
ShinyHunters Wage Broad Corporate Extortion Spree https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/ #ScatteredLAPSUS$Hunters #OracleEBusinessSuite #Ne'er-Do-WellNews #CharlesCarmichael #CrimsonCollective #ALittleSunshine #LatestWarnings #TheComingStorm #AustinLarsen #CVE202561882 #ShinyHunters #Ransomware #Salesforce #Salesloft #ASYNCRAT #UNC6040 #UNC6395
-
ShinyHunters Wage Broad Corporate Extortion Spree https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/ #ScatteredLAPSUS$Hunters #OracleEBusinessSuite #Ne'er-Do-WellNews #CharlesCarmichael #CrimsonCollective #ALittleSunshine #LatestWarnings #TheComingStorm #AustinLarsen #CVE202561882 #ShinyHunters #Ransomware #Salesforce #Salesloft #ASYNCRAT #UNC6040 #UNC6395
-
ShinyHunters Wage Broad Corporate Extortion Spree
https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/
#ScatteredLAPSUS$Hunters #OracleE-BusinessSuite #Ne'er-Do-WellNews #CharlesCarmichael #CrimsonCollective #ALittleSunshine #LatestWarnings #TheComingStorm #CVE-2025-61882 #AustinLarsen #ShinyHunters #Ransomware #Salesforce #Salesloft #ASYNCRAT #UNC6040 #UNC6395
-
ShinyHunters Wage Broad Corporate Extortion Spree
https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/
#ScatteredLAPSUS$Hunters #OracleE-BusinessSuite #Ne'er-Do-WellNews #CharlesCarmichael #CrimsonCollective #ALittleSunshine #LatestWarnings #TheComingStorm #CVE-2025-61882 #AustinLarsen #ShinyHunters #Ransomware #Salesforce #Salesloft #ASYNCRAT #UNC6040 #UNC6395
-
ShinyHunters Wage Broad Corporate Extortion Spree
https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/
#ScatteredLAPSUS$Hunters #OracleE-BusinessSuite #Ne'er-Do-WellNews #CharlesCarmichael #CrimsonCollective #ALittleSunshine #LatestWarnings #TheComingStorm #CVE-2025-61882 #AustinLarsen #ShinyHunters #Ransomware #Salesforce #Salesloft #ASYNCRAT #UNC6040 #UNC6395
-
ShinyHunters Wage Broad Corporate Extortion Spree
https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/
#ScatteredLAPSUS$Hunters #OracleE-BusinessSuite #Ne'er-Do-WellNews #CharlesCarmichael #CrimsonCollective #ALittleSunshine #LatestWarnings #TheComingStorm #CVE-2025-61882 #AustinLarsen #ShinyHunters #Ransomware #Salesforce #Salesloft #ASYNCRAT #UNC6040 #UNC6395
-
ShinyHunters Wage Broad Corporate Extortion Spree
https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/
#ScatteredLAPSUS$Hunters #OracleE-BusinessSuite #Ne'er-Do-WellNews #CharlesCarmichael #CrimsonCollective #ALittleSunshine #LatestWarnings #TheComingStorm #CVE-2025-61882 #AustinLarsen #ShinyHunters #Ransomware #Salesforce #Salesloft #ASYNCRAT #UNC6040 #UNC6395
-
Hacker behaupten: "Wir haben 1,5 Milliarden #Salesforce-Datensätze" - inside-it[.]ch https://www.inside-it.ch/hacker-behaupten-wir-haben-1%252C5-milliarden-salesforce-datensaetze-20250919 #Shinyhunters #SocialEngineering #ScatteredSpiders #UNC6040 #UNC6395 #Hacking #Datenschutz #privacy #DataLeak #Datenleck
-
"The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.
[...]
In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company.
ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."
Read more of Lawrence Abrams' great reporting on Bleeping Computer:
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/#Salesforce #Salesloft #Oauth #Drift #databreach #ransom #ShinyyHunters #ScatteredSpider #LAPSUS$ #UNC6040 #UNC6395
-
"The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.
[...]
In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company.
ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."
Read more of Lawrence Abrams' great reporting on Bleeping Computer:
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/#Salesforce #Salesloft #Oauth #Drift #databreach #ransom #ShinyyHunters #ScatteredSpider #LAPSUS$ #UNC6040 #UNC6395
-
"The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.
[...]
In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company.
ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."
Read more of Lawrence Abrams' great reporting on Bleeping Computer:
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/#Salesforce #Salesloft #Oauth #Drift #databreach #ransom #ShinyyHunters #ScatteredSpider #LAPSUS$ #UNC6040 #UNC6395
-
"The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.
[...]
In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company.
ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."
Read more of Lawrence Abrams' great reporting on Bleeping Computer:
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/#Salesforce #Salesloft #Oauth #Drift #databreach #ransom #ShinyyHunters #ScatteredSpider #LAPSUS$ #UNC6040 #UNC6395
-
"The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.
[...]
In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company.
ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."
Read more of Lawrence Abrams' great reporting on Bleeping Computer:
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/#Salesforce #Salesloft #Oauth #Drift #databreach #ransom #ShinyyHunters #ScatteredSpider #LAPSUS$ #UNC6040 #UNC6395
-
So many news reports have repeated the BBC's mistaken estimate about the number of customers affected by the Kering data breaches. So...
No, folks, it's not 7.4 million affected or fewer. It's a lot more because the BBC's estimate was based on just the second and smaller breach (Balenciaga, Brioni, and Alexander McQueen), and not the Gucci data which allegedly has more than 43 million records. Even assuming repeat customers are in there, there are likely a lot of unique customers in the Gucci data.
If we use the same percent based on 7.4 million out of almost 13 million recordsin the second data set, then that would yield 24-25 million unique email addresses for the Gucci data set, for an estimated total of more than 31 million customers all told.
I didn't estimate the number of unique customers in my reporting because it's too sloppy. But it's highly unlikely to be 7.4 million or fewer as BBC reported.
#Kering #Gucci #Balenciaga #Brioni #AlexanderMcQueen #databreach #Salesforce #ShinyHunters #UNC6040 #incidentresponse #transparency
-
So many news reports have repeated the BBC's mistaken estimate about the number of customers affected by the Kering data breaches. So...
No, folks, it's not 7.4 million affected or fewer. It's a lot more because the BBC's estimate was based on just the second and smaller breach (Balenciaga, Brioni, and Alexander McQueen), and not the Gucci data which allegedly has more than 43 million records. Even assuming repeat customers are in there, there are likely a lot of unique customers in the Gucci data.
If we use the same percent based on 7.4 million out of almost 13 million recordsin the second data set, then that would yield 24-25 million unique email addresses for the Gucci data set, for an estimated total of more than 31 million customers all told.
I didn't estimate the number of unique customers in my reporting because it's too sloppy. But it's highly unlikely to be 7.4 million or fewer as BBC reported.
#Kering #Gucci #Balenciaga #Brioni #AlexanderMcQueen #databreach #Salesforce #ShinyHunters #UNC6040 #incidentresponse #transparency
-
So many news reports have repeated the BBC's mistaken estimate about the number of customers affected by the Kering data breaches. So...
No, folks, it's not 7.4 million affected or fewer. It's a lot more because the BBC's estimate was based on just the second and smaller breach (Balenciaga, Brioni, and Alexander McQueen), and not the Gucci data which allegedly has more than 43 million records. Even assuming repeat customers are in there, there are likely a lot of unique customers in the Gucci data.
If we use the same percent based on 7.4 million out of almost 13 million recordsin the second data set, then that would yield 24-25 million unique email addresses for the Gucci data set, for an estimated total of more than 31 million customers all told.
I didn't estimate the number of unique customers in my reporting because it's too sloppy. But it's highly unlikely to be 7.4 million or fewer as BBC reported.
#Kering #Gucci #Balenciaga #Brioni #AlexanderMcQueen #databreach #Salesforce #ShinyHunters #UNC6040 #incidentresponse #transparency
-
So many news reports have repeated the BBC's mistaken estimate about the number of customers affected by the Kering data breaches. So...
No, folks, it's not 7.4 million affected or fewer. It's a lot more because the BBC's estimate was based on just the second and smaller breach (Balenciaga, Brioni, and Alexander McQueen), and not the Gucci data which allegedly has more than 43 million records. Even assuming repeat customers are in there, there are likely a lot of unique customers in the Gucci data.
If we use the same percent based on 7.4 million out of almost 13 million recordsin the second data set, then that would yield 24-25 million unique email addresses for the Gucci data set, for an estimated total of more than 31 million customers all told.
I didn't estimate the number of unique customers in my reporting because it's too sloppy. But it's highly unlikely to be 7.4 million or fewer as BBC reported.
#Kering #Gucci #Balenciaga #Brioni #AlexanderMcQueen #databreach #Salesforce #ShinyHunters #UNC6040 #incidentresponse #transparency
-
So many news reports have repeated the BBC's mistaken estimate about the number of customers affected by the Kering data breaches. So...
No, folks, it's not 7.4 million affected or fewer. It's a lot more because the BBC's estimate was based on just the second and smaller breach (Balenciaga, Brioni, and Alexander McQueen), and not the Gucci data which allegedly has more than 43 million records. Even assuming repeat customers are in there, there are likely a lot of unique customers in the Gucci data.
If we use the same percent based on 7.4 million out of almost 13 million recordsin the second data set, then that would yield 24-25 million unique email addresses for the Gucci data set, for an estimated total of more than 31 million customers all told.
I didn't estimate the number of unique customers in my reporting because it's too sloppy. But it's highly unlikely to be 7.4 million or fewer as BBC reported.
#Kering #Gucci #Balenciaga #Brioni #AlexanderMcQueen #databreach #Salesforce #ShinyHunters #UNC6040 #incidentresponse #transparency
-
Last week, I broke the story about Gucci and other Kering brands being hacked by ShinyHunters as part of the Salesforce campaign. In my reporting, I included chat logs and other exclusive details. You can read my original reporting here: https://databreaches.net/2025/09/11/exclusive-high-end-fashion-retailers-gucci-balenciaga-brion-and-alexander-mcqueen-hit-by-salesforce-attacks/
There is now an update that refutes Kering's reported claim today that they didn't have any conversations with the hackers. I also highlight their failures to be more transparent about the incidents:
https://databreaches.net/2025/09/15/update-kering-confirms-gucci-and-other-brands-hacked-claims-no-conversations-with-hackers/#databreach #Salesforce #ShinyHunters #Gucci #Brioni #Balenciaga #KERING #AlexanderMcQueen #UNC6040
-
Last week, I broke the story about Gucci and other Kering brands being hacked by ShinyHunters as part of the Salesforce campaign. In my reporting, I included chat logs and other exclusive details. You can read my original reporting here: https://databreaches.net/2025/09/11/exclusive-high-end-fashion-retailers-gucci-balenciaga-brion-and-alexander-mcqueen-hit-by-salesforce-attacks/
There is now an update that refutes Kering's reported claim today that they didn't have any conversations with the hackers. I also highlight their failures to be more transparent about the incidents:
https://databreaches.net/2025/09/15/update-kering-confirms-gucci-and-other-brands-hacked-claims-no-conversations-with-hackers/#databreach #Salesforce #ShinyHunters #Gucci #Brioni #Balenciaga #KERING #AlexanderMcQueen #UNC6040
-
Last week, I broke the story about Gucci and other Kering brands being hacked by ShinyHunters as part of the Salesforce campaign. In my reporting, I included chat logs and other exclusive details. You can read my original reporting here: https://databreaches.net/2025/09/11/exclusive-high-end-fashion-retailers-gucci-balenciaga-brion-and-alexander-mcqueen-hit-by-salesforce-attacks/
There is now an update that refutes Kering's reported claim today that they didn't have any conversations with the hackers. I also highlight their failures to be more transparent about the incidents:
https://databreaches.net/2025/09/15/update-kering-confirms-gucci-and-other-brands-hacked-claims-no-conversations-with-hackers/#databreach #Salesforce #ShinyHunters #Gucci #Brioni #Balenciaga #KERING #AlexanderMcQueen #UNC6040
-
Last week, I broke the story about Gucci and other Kering brands being hacked by ShinyHunters as part of the Salesforce campaign. In my reporting, I included chat logs and other exclusive details. You can read my original reporting here: https://databreaches.net/2025/09/11/exclusive-high-end-fashion-retailers-gucci-balenciaga-brion-and-alexander-mcqueen-hit-by-salesforce-attacks/
There is now an update that refutes Kering's reported claim today that they didn't have any conversations with the hackers. I also highlight their failures to be more transparent about the incidents:
https://databreaches.net/2025/09/15/update-kering-confirms-gucci-and-other-brands-hacked-claims-no-conversations-with-hackers/#databreach #Salesforce #ShinyHunters #Gucci #Brioni #Balenciaga #KERING #AlexanderMcQueen #UNC6040
-
Last week, I broke the story about Gucci and other Kering brands being hacked by ShinyHunters as part of the Salesforce campaign. In my reporting, I included chat logs and other exclusive details. You can read my original reporting here: https://databreaches.net/2025/09/11/exclusive-high-end-fashion-retailers-gucci-balenciaga-brion-and-alexander-mcqueen-hit-by-salesforce-attacks/
There is now an update that refutes Kering's reported claim today that they didn't have any conversations with the hackers. I also highlight their failures to be more transparent about the incidents:
https://databreaches.net/2025/09/15/update-kering-confirms-gucci-and-other-brands-hacked-claims-no-conversations-with-hackers/#databreach #Salesforce #ShinyHunters #Gucci #Brioni #Balenciaga #KERING #AlexanderMcQueen #UNC6040
-
Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion
#UNC6040 #UNC6395
https://www.ic3.gov/CSA/2025/250912.pdf -
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/
#GoogleThreatIntelligenceGroup #ALittleSunshine #CharlesCarmakal #ScatteredSpider #LatestWarnings #TheComingStorm #SalesloftDrift #DataBreaches #AustinLarsen #JoshuaWright #ShinyHunters #CounterHack #Salesforce #AlanLiska #Mandiant #UNC6040 #UNC6395 #google
-
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/
#GoogleThreatIntelligenceGroup #ALittleSunshine #CharlesCarmakal #ScatteredSpider #LatestWarnings #TheComingStorm #SalesloftDrift #DataBreaches #AustinLarsen #JoshuaWright #ShinyHunters #CounterHack #Salesforce #AlanLiska #Mandiant #UNC6040 #UNC6395 #google
-
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/
#GoogleThreatIntelligenceGroup #ALittleSunshine #CharlesCarmakal #ScatteredSpider #LatestWarnings #TheComingStorm #SalesloftDrift #DataBreaches #AustinLarsen #JoshuaWright #ShinyHunters #CounterHack #Salesforce #AlanLiska #Mandiant #UNC6040 #UNC6395 #google
-
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/
#GoogleThreatIntelligenceGroup #ALittleSunshine #CharlesCarmakal #ScatteredSpider #LatestWarnings #TheComingStorm #SalesloftDrift #DataBreaches #AustinLarsen #JoshuaWright #ShinyHunters #CounterHack #Salesforce #AlanLiska #Mandiant #UNC6040 #UNC6395 #google
-
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/
#GoogleThreatIntelligenceGroup #ALittleSunshine #CharlesCarmakal #ScatteredSpider #LatestWarnings #TheComingStorm #SalesloftDrift #DataBreaches #AustinLarsen #JoshuaWright #ShinyHunters #CounterHack #Salesforce #AlanLiska #Mandiant #UNC6040 #UNC6395 #google
-
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/ #GoogleThreatIntelligenceGroup #ALittleSunshine #CharlesCarmakal #ScatteredSpider #LatestWarnings #TheComingStorm #SalesloftDrift #DataBreaches #AustinLarsen #JoshuaWright #ShinyHunters #CounterHack #Salesforce #AlanLiska #Mandiant #UNC6040 #UNC6395 #google
-
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/ #GoogleThreatIntelligenceGroup #ALittleSunshine #CharlesCarmakal #ScatteredSpider #LatestWarnings #TheComingStorm #SalesloftDrift #DataBreaches #AustinLarsen #JoshuaWright #ShinyHunters #CounterHack #Salesforce #AlanLiska #Mandiant #UNC6040 #UNC6395 #google
-
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/ #GoogleThreatIntelligenceGroup #ALittleSunshine #CharlesCarmakal #ScatteredSpider #LatestWarnings #TheComingStorm #SalesloftDrift #DataBreaches #AustinLarsen #JoshuaWright #ShinyHunters #CounterHack #Salesforce #AlanLiska #Mandiant #UNC6040 #UNC6395 #google
-
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/ #GoogleThreatIntelligenceGroup #ALittleSunshine #CharlesCarmakal #ScatteredSpider #LatestWarnings #TheComingStorm #SalesloftDrift #DataBreaches #AustinLarsen #JoshuaWright #ShinyHunters #CounterHack #Salesforce #AlanLiska #Mandiant #UNC6040 #UNC6395 #google
-
I find the ShinyHunters (UNC6040/UNC6240) Salesforce Campaign really interesting, because it highlights the impact of two key threat vectors/types that - in my conversations , at least - aren't being accounted for by traditional TI teams.
1. Data Theft & Extorsion Actors
2. Actors capitalising on 3rd Party Platform ApplicationsCurious to know - do your orgs track and threat model opportunistic Data Theft and Extorsion Actors, or just focus on the APTs and ransomware groups of the world?
The largest ransom payment in history was $75 million to the Dark Angels Ransomware group in 2024, purportedly by pharma giant Cencora. With 27TB of corporate data stolen from the org and no mention of ransomware being deployed, the eye-watering payment was to prevent leaking/sale of the stolen data which included customer "names, addresses, dates of birth, diagnoses, prescriptions and medications."
The group weren't well known prior to the attack, and the absence of ransomware being deployed highlights the need to prioritise the identification and protection of sensitive data and customer PII - agnostic of whatever group might seek to target it.
Also, we're all aware of Malicious OAuth applications in o365, but are your orgs aware of; monitoring, and locking down 3rd party platform integrations?
For those unaware of the campaign, here's the AI-generated TLDR of a Google report in the activity: Https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion
Threat Summary: UNC6040/ShinyHunters Voice Phishing and Data Extortion Campaign
Key Points & Technical Summary:
A financially motivated threat cluster, tracked by Google as UNC6040, has been conducting a widespread campaign targeting organizations' Salesforce CRM instances. The campaign's primary objective is large-scale data theft for the purpose of extortion, which is carried out by a related cluster, UNC6240. This group often uses the moniker ShinyHunters in their communications with victims.
The core of the attack vector is a sophisticated voice phishing (vishing) campaign. The threat actors impersonate corporate IT support personnel in phone calls to employees of the targeted organization.
The primary technical steps of the attack are as follows:
* Social Engineering: The actor guides the targeted employee to Salesforce's connected app setup page.
* Malicious App Authorization: The employee is convinced to authorize a malicious version of the "Data Loader" application. This is done by having the employee enter a connection code provided by the attacker, which links the attacker-controlled application to the victim's Salesforce environment.
* Data Exfiltration: Once the malicious app is authorized, UNC6040 gains significant API access, allowing them to query and exfiltrate sensitive data from the Salesforce instance. While initially leveraging modified versions of the Salesforce Data Loader, the group has evolved its tooling to include custom Python-based scripts for data extraction.
* Anonymization: The attackers utilize services like Mullvad VPN and TOR exit nodes to initiate the vishing calls and for data exfiltration, complicating attribution and tracking efforts.
* Extortion: Following the data theft, UNC6240 initiates contact with the victim organization, demanding a ransom payment in Bitcoin, typically within a 72-hour timeframe, to prevent the public release of the stolen data. The group is also reportedly preparing to launch a dedicated data leak site to increase pressure on victims.Additional Context & Related Activity
Activity Cluster:
The activity is attributed to the cluster pair UNC6040 (initial access and data theft) and UNC6240 (extortion). This group leverages the reputation of the well-known ShinyHunters extortion group to intimidate victims. The cluster is financially motivated and has demonstrated a growing sophistication in its social engineering tactics and technical tooling.
Other Compromises & Targets:
This campaign has impacted numerous high-profile organizations across various sectors. Besides Google, other publicly confirmed victims of this campaign include:
* Cisco
* Chanel
* AdidasThe targeting appears to be opportunistic, focusing on multinational corporations that are heavy users of Salesforce CRM. There has been an initial focus on English-speaking employees.
Techniques & TTPs:
Beyond the core vishing-to-malicious-app-authorization chain, other observed Tactics, Techniques, and Procedures (TTPs) include:
* Credential Targeting: In some cases, the actors have targeted Okta credentials, likely obtained through prior infostealer malware infections or separate phishing campaigns.
* Lateral Movement: Using compromised credentials, the actors have been observed moving laterally within victim networks to access and exfiltrate data from other systems, including Microsoft 365.
* Reconnaissance: The group conducts thorough reconnaissance to craft convincing narratives, identifying internal application names and IT support procedures to make their vishing calls more credible.Timeline:
* June 4, 2025: Google's Threat Intelligence Group (GTIG) first publishes a warning about the rise in vishing and extortion activity targeting Salesforce customers, designating the threat actor as UNC6040.
* June 2025: Google becomes a victim of the same campaign, with one of its own corporate Salesforce instances being breached. The compromised data was related to small and medium-sized business contacts.
* July 24, 2025: Cisco identifies a similar breach of its CRM system resulting from a vishing attack.
* Early August 2025: Google, Cisco, and other victims publicly disclose the breaches. Google updates its original blog post to include the fact that it was also a victim. Extortion demands from UNC6240/ShinyHunters follow these disclosures.#CyberSecurity #ThreatIntelligence #ShinyHunters #DataExtortion #SalesforceSecurity #Vishing #ThirdPartyRisk #ThreatModeling #IncidentResponse #UNC6040 #UNC6240 #Ransomware #Salesforce #InformationSecurity #Infosec #Cybersec #ThreatIntel
#Cisco #Google #CyberAttack -
I find the ShinyHunters (UNC6040/UNC6240) Salesforce Campaign really interesting, because it highlights the impact of two key threat vectors/types that - in my conversations , at least - aren't being accounted for by traditional TI teams.
1. Data Theft & Extorsion Actors
2. Actors capitalising on 3rd Party Platform ApplicationsCurious to know - do your orgs track and threat model opportunistic Data Theft and Extorsion Actors, or just focus on the APTs and ransomware groups of the world?
The largest ransom payment in history was $75 million to the Dark Angels Ransomware group in 2024, purportedly by pharma giant Cencora. With 27TB of corporate data stolen from the org and no mention of ransomware being deployed, the eye-watering payment was to prevent leaking/sale of the stolen data which included customer "names, addresses, dates of birth, diagnoses, prescriptions and medications."
The group weren't well known prior to the attack, and the absence of ransomware being deployed highlights the need to prioritise the identification and protection of sensitive data and customer PII - agnostic of whatever group might seek to target it.
Also, we're all aware of Malicious OAuth applications in o365, but are your orgs aware of; monitoring, and locking down 3rd party platform integrations?
For those unaware of the campaign, here's the AI-generated TLDR of a Google report in the activity: Https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion
Threat Summary: UNC6040/ShinyHunters Voice Phishing and Data Extortion Campaign
Key Points & Technical Summary:
A financially motivated threat cluster, tracked by Google as UNC6040, has been conducting a widespread campaign targeting organizations' Salesforce CRM instances. The campaign's primary objective is large-scale data theft for the purpose of extortion, which is carried out by a related cluster, UNC6240. This group often uses the moniker ShinyHunters in their communications with victims.
The core of the attack vector is a sophisticated voice phishing (vishing) campaign. The threat actors impersonate corporate IT support personnel in phone calls to employees of the targeted organization.
The primary technical steps of the attack are as follows:
* Social Engineering: The actor guides the targeted employee to Salesforce's connected app setup page.
* Malicious App Authorization: The employee is convinced to authorize a malicious version of the "Data Loader" application. This is done by having the employee enter a connection code provided by the attacker, which links the attacker-controlled application to the victim's Salesforce environment.
* Data Exfiltration: Once the malicious app is authorized, UNC6040 gains significant API access, allowing them to query and exfiltrate sensitive data from the Salesforce instance. While initially leveraging modified versions of the Salesforce Data Loader, the group has evolved its tooling to include custom Python-based scripts for data extraction.
* Anonymization: The attackers utilize services like Mullvad VPN and TOR exit nodes to initiate the vishing calls and for data exfiltration, complicating attribution and tracking efforts.
* Extortion: Following the data theft, UNC6240 initiates contact with the victim organization, demanding a ransom payment in Bitcoin, typically within a 72-hour timeframe, to prevent the public release of the stolen data. The group is also reportedly preparing to launch a dedicated data leak site to increase pressure on victims.Additional Context & Related Activity
Activity Cluster:
The activity is attributed to the cluster pair UNC6040 (initial access and data theft) and UNC6240 (extortion). This group leverages the reputation of the well-known ShinyHunters extortion group to intimidate victims. The cluster is financially motivated and has demonstrated a growing sophistication in its social engineering tactics and technical tooling.
Other Compromises & Targets:
This campaign has impacted numerous high-profile organizations across various sectors. Besides Google, other publicly confirmed victims of this campaign include:
* Cisco
* Chanel
* AdidasThe targeting appears to be opportunistic, focusing on multinational corporations that are heavy users of Salesforce CRM. There has been an initial focus on English-speaking employees.
Techniques & TTPs:
Beyond the core vishing-to-malicious-app-authorization chain, other observed Tactics, Techniques, and Procedures (TTPs) include:
* Credential Targeting: In some cases, the actors have targeted Okta credentials, likely obtained through prior infostealer malware infections or separate phishing campaigns.
* Lateral Movement: Using compromised credentials, the actors have been observed moving laterally within victim networks to access and exfiltrate data from other systems, including Microsoft 365.
* Reconnaissance: The group conducts thorough reconnaissance to craft convincing narratives, identifying internal application names and IT support procedures to make their vishing calls more credible.Timeline:
* June 4, 2025: Google's Threat Intelligence Group (GTIG) first publishes a warning about the rise in vishing and extortion activity targeting Salesforce customers, designating the threat actor as UNC6040.
* June 2025: Google becomes a victim of the same campaign, with one of its own corporate Salesforce instances being breached. The compromised data was related to small and medium-sized business contacts.
* July 24, 2025: Cisco identifies a similar breach of its CRM system resulting from a vishing attack.
* Early August 2025: Google, Cisco, and other victims publicly disclose the breaches. Google updates its original blog post to include the fact that it was also a victim. Extortion demands from UNC6240/ShinyHunters follow these disclosures.#CyberSecurity #ThreatIntelligence #ShinyHunters #DataExtortion #SalesforceSecurity #Vishing #ThirdPartyRisk #ThreatModeling #IncidentResponse #UNC6040 #UNC6240 #Ransomware #Salesforce #InformationSecurity #Infosec #Cybersec #ThreatIntel
#Cisco #Google #CyberAttack -
I find the ShinyHunters (UNC6040/UNC6240) Salesforce Campaign really interesting, because it highlights the impact of two key threat vectors/types that - in my conversations , at least - aren't being accounted for by traditional TI teams.
1. Data Theft & Extorsion Actors
2. Actors capitalising on 3rd Party Platform ApplicationsCurious to know - do your orgs track and threat model opportunistic Data Theft and Extorsion Actors, or just focus on the APTs and ransomware groups of the world?
The largest ransom payment in history was $75 million to the Dark Angels Ransomware group in 2024, purportedly by pharma giant Cencora. With 27TB of corporate data stolen from the org and no mention of ransomware being deployed, the eye-watering payment was to prevent leaking/sale of the stolen data which included customer "names, addresses, dates of birth, diagnoses, prescriptions and medications."
The group weren't well known prior to the attack, and the absence of ransomware being deployed highlights the need to prioritise the identification and protection of sensitive data and customer PII - agnostic of whatever group might seek to target it.
Also, we're all aware of Malicious OAuth applications in o365, but are your orgs aware of; monitoring, and locking down 3rd party platform integrations?
For those unaware of the campaign, here's the AI-generated TLDR of a Google report in the activity: Https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion
Threat Summary: UNC6040/ShinyHunters Voice Phishing and Data Extortion Campaign
Key Points & Technical Summary:
A financially motivated threat cluster, tracked by Google as UNC6040, has been conducting a widespread campaign targeting organizations' Salesforce CRM instances. The campaign's primary objective is large-scale data theft for the purpose of extortion, which is carried out by a related cluster, UNC6240. This group often uses the moniker ShinyHunters in their communications with victims.
The core of the attack vector is a sophisticated voice phishing (vishing) campaign. The threat actors impersonate corporate IT support personnel in phone calls to employees of the targeted organization.
The primary technical steps of the attack are as follows:
* Social Engineering: The actor guides the targeted employee to Salesforce's connected app setup page.
* Malicious App Authorization: The employee is convinced to authorize a malicious version of the "Data Loader" application. This is done by having the employee enter a connection code provided by the attacker, which links the attacker-controlled application to the victim's Salesforce environment.
* Data Exfiltration: Once the malicious app is authorized, UNC6040 gains significant API access, allowing them to query and exfiltrate sensitive data from the Salesforce instance. While initially leveraging modified versions of the Salesforce Data Loader, the group has evolved its tooling to include custom Python-based scripts for data extraction.
* Anonymization: The attackers utilize services like Mullvad VPN and TOR exit nodes to initiate the vishing calls and for data exfiltration, complicating attribution and tracking efforts.
* Extortion: Following the data theft, UNC6240 initiates contact with the victim organization, demanding a ransom payment in Bitcoin, typically within a 72-hour timeframe, to prevent the public release of the stolen data. The group is also reportedly preparing to launch a dedicated data leak site to increase pressure on victims.Additional Context & Related Activity
Activity Cluster:
The activity is attributed to the cluster pair UNC6040 (initial access and data theft) and UNC6240 (extortion). This group leverages the reputation of the well-known ShinyHunters extortion group to intimidate victims. The cluster is financially motivated and has demonstrated a growing sophistication in its social engineering tactics and technical tooling.
Other Compromises & Targets:
This campaign has impacted numerous high-profile organizations across various sectors. Besides Google, other publicly confirmed victims of this campaign include:
* Cisco
* Chanel
* AdidasThe targeting appears to be opportunistic, focusing on multinational corporations that are heavy users of Salesforce CRM. There has been an initial focus on English-speaking employees.
Techniques & TTPs:
Beyond the core vishing-to-malicious-app-authorization chain, other observed Tactics, Techniques, and Procedures (TTPs) include:
* Credential Targeting: In some cases, the actors have targeted Okta credentials, likely obtained through prior infostealer malware infections or separate phishing campaigns.
* Lateral Movement: Using compromised credentials, the actors have been observed moving laterally within victim networks to access and exfiltrate data from other systems, including Microsoft 365.
* Reconnaissance: The group conducts thorough reconnaissance to craft convincing narratives, identifying internal application names and IT support procedures to make their vishing calls more credible.Timeline:
* June 4, 2025: Google's Threat Intelligence Group (GTIG) first publishes a warning about the rise in vishing and extortion activity targeting Salesforce customers, designating the threat actor as UNC6040.
* June 2025: Google becomes a victim of the same campaign, with one of its own corporate Salesforce instances being breached. The compromised data was related to small and medium-sized business contacts.
* July 24, 2025: Cisco identifies a similar breach of its CRM system resulting from a vishing attack.
* Early August 2025: Google, Cisco, and other victims publicly disclose the breaches. Google updates its original blog post to include the fact that it was also a victim. Extortion demands from UNC6240/ShinyHunters follow these disclosures.#CyberSecurity #ThreatIntelligence #ShinyHunters #DataExtortion #SalesforceSecurity #Vishing #ThirdPartyRisk #ThreatModeling #IncidentResponse #UNC6040 #UNC6240 #Ransomware #Salesforce #InformationSecurity #Infosec #Cybersec #ThreatIntel
#Cisco #Google #CyberAttack -
I find the ShinyHunters (UNC6040/UNC6240) Salesforce Campaign really interesting, because it highlights the impact of two key threat vectors/types that - in my conversations , at least - aren't being accounted for by traditional TI teams.
1. Data Theft & Extorsion Actors
2. Actors capitalising on 3rd Party Platform ApplicationsCurious to know - do your orgs track and threat model opportunistic Data Theft and Extorsion Actors, or just focus on the APTs and ransomware groups of the world?
The largest ransom payment in history was $75 million to the Dark Angels Ransomware group in 2024, purportedly by pharma giant Cencora. With 27TB of corporate data stolen from the org and no mention of ransomware being deployed, the eye-watering payment was to prevent leaking/sale of the stolen data which included customer "names, addresses, dates of birth, diagnoses, prescriptions and medications."
The group weren't well known prior to the attack, and the absence of ransomware being deployed highlights the need to prioritise the identification and protection of sensitive data and customer PII - agnostic of whatever group might seek to target it.
Also, we're all aware of Malicious OAuth applications in o365, but are your orgs aware of; monitoring, and locking down 3rd party platform integrations?
For those unaware of the campaign, here's the AI-generated TLDR of a Google report in the activity: Https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion
Threat Summary: UNC6040/ShinyHunters Voice Phishing and Data Extortion Campaign
Key Points & Technical Summary:
A financially motivated threat cluster, tracked by Google as UNC6040, has been conducting a widespread campaign targeting organizations' Salesforce CRM instances. The campaign's primary objective is large-scale data theft for the purpose of extortion, which is carried out by a related cluster, UNC6240. This group often uses the moniker ShinyHunters in their communications with victims.
The core of the attack vector is a sophisticated voice phishing (vishing) campaign. The threat actors impersonate corporate IT support personnel in phone calls to employees of the targeted organization.
The primary technical steps of the attack are as follows:
* Social Engineering: The actor guides the targeted employee to Salesforce's connected app setup page.
* Malicious App Authorization: The employee is convinced to authorize a malicious version of the "Data Loader" application. This is done by having the employee enter a connection code provided by the attacker, which links the attacker-controlled application to the victim's Salesforce environment.
* Data Exfiltration: Once the malicious app is authorized, UNC6040 gains significant API access, allowing them to query and exfiltrate sensitive data from the Salesforce instance. While initially leveraging modified versions of the Salesforce Data Loader, the group has evolved its tooling to include custom Python-based scripts for data extraction.
* Anonymization: The attackers utilize services like Mullvad VPN and TOR exit nodes to initiate the vishing calls and for data exfiltration, complicating attribution and tracking efforts.
* Extortion: Following the data theft, UNC6240 initiates contact with the victim organization, demanding a ransom payment in Bitcoin, typically within a 72-hour timeframe, to prevent the public release of the stolen data. The group is also reportedly preparing to launch a dedicated data leak site to increase pressure on victims.Additional Context & Related Activity
Activity Cluster:
The activity is attributed to the cluster pair UNC6040 (initial access and data theft) and UNC6240 (extortion). This group leverages the reputation of the well-known ShinyHunters extortion group to intimidate victims. The cluster is financially motivated and has demonstrated a growing sophistication in its social engineering tactics and technical tooling.
Other Compromises & Targets:
This campaign has impacted numerous high-profile organizations across various sectors. Besides Google, other publicly confirmed victims of this campaign include:
* Cisco
* Chanel
* AdidasThe targeting appears to be opportunistic, focusing on multinational corporations that are heavy users of Salesforce CRM. There has been an initial focus on English-speaking employees.
Techniques & TTPs:
Beyond the core vishing-to-malicious-app-authorization chain, other observed Tactics, Techniques, and Procedures (TTPs) include:
* Credential Targeting: In some cases, the actors have targeted Okta credentials, likely obtained through prior infostealer malware infections or separate phishing campaigns.
* Lateral Movement: Using compromised credentials, the actors have been observed moving laterally within victim networks to access and exfiltrate data from other systems, including Microsoft 365.
* Reconnaissance: The group conducts thorough reconnaissance to craft convincing narratives, identifying internal application names and IT support procedures to make their vishing calls more credible.Timeline:
* June 4, 2025: Google's Threat Intelligence Group (GTIG) first publishes a warning about the rise in vishing and extortion activity targeting Salesforce customers, designating the threat actor as UNC6040.
* June 2025: Google becomes a victim of the same campaign, with one of its own corporate Salesforce instances being breached. The compromised data was related to small and medium-sized business contacts.
* July 24, 2025: Cisco identifies a similar breach of its CRM system resulting from a vishing attack.
* Early August 2025: Google, Cisco, and other victims publicly disclose the breaches. Google updates its original blog post to include the fact that it was also a victim. Extortion demands from UNC6240/ShinyHunters follow these disclosures.#CyberSecurity #ThreatIntelligence #ShinyHunters #DataExtortion #SalesforceSecurity #Vishing #ThirdPartyRisk #ThreatModeling #IncidentResponse #UNC6040 #UNC6240 #Ransomware #Salesforce #InformationSecurity #Infosec #Cybersec #ThreatIntel
#Cisco #Google #CyberAttack -
I find the ShinyHunters (UNC6040/UNC6240) Salesforce Campaign really interesting, because it highlights the impact of two key threat vectors/types that - in my conversations , at least - aren't being accounted for by traditional TI teams.
1. Data Theft & Extorsion Actors
2. Actors capitalising on 3rd Party Platform ApplicationsCurious to know - do your orgs track and threat model opportunistic Data Theft and Extorsion Actors, or just focus on the APTs and ransomware groups of the world?
The largest ransom payment in history was $75 million to the Dark Angels Ransomware group in 2024, purportedly by pharma giant Cencora. With 27TB of corporate data stolen from the org and no mention of ransomware being deployed, the eye-watering payment was to prevent leaking/sale of the stolen data which included customer "names, addresses, dates of birth, diagnoses, prescriptions and medications."
The group weren't well known prior to the attack, and the absence of ransomware being deployed highlights the need to prioritise the identification and protection of sensitive data and customer PII - agnostic of whatever group might seek to target it.
Also, we're all aware of Malicious OAuth applications in o365, but are your orgs aware of; monitoring, and locking down 3rd party platform integrations?
For those unaware of the campaign, here's the AI-generated TLDR of a Google report in the activity: Https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion
Threat Summary: UNC6040/ShinyHunters Voice Phishing and Data Extortion Campaign
Key Points & Technical Summary:
A financially motivated threat cluster, tracked by Google as UNC6040, has been conducting a widespread campaign targeting organizations' Salesforce CRM instances. The campaign's primary objective is large-scale data theft for the purpose of extortion, which is carried out by a related cluster, UNC6240. This group often uses the moniker ShinyHunters in their communications with victims.
The core of the attack vector is a sophisticated voice phishing (vishing) campaign. The threat actors impersonate corporate IT support personnel in phone calls to employees of the targeted organization.
The primary technical steps of the attack are as follows:
* Social Engineering: The actor guides the targeted employee to Salesforce's connected app setup page.
* Malicious App Authorization: The employee is convinced to authorize a malicious version of the "Data Loader" application. This is done by having the employee enter a connection code provided by the attacker, which links the attacker-controlled application to the victim's Salesforce environment.
* Data Exfiltration: Once the malicious app is authorized, UNC6040 gains significant API access, allowing them to query and exfiltrate sensitive data from the Salesforce instance. While initially leveraging modified versions of the Salesforce Data Loader, the group has evolved its tooling to include custom Python-based scripts for data extraction.
* Anonymization: The attackers utilize services like Mullvad VPN and TOR exit nodes to initiate the vishing calls and for data exfiltration, complicating attribution and tracking efforts.
* Extortion: Following the data theft, UNC6240 initiates contact with the victim organization, demanding a ransom payment in Bitcoin, typically within a 72-hour timeframe, to prevent the public release of the stolen data. The group is also reportedly preparing to launch a dedicated data leak site to increase pressure on victims.Additional Context & Related Activity
Activity Cluster:
The activity is attributed to the cluster pair UNC6040 (initial access and data theft) and UNC6240 (extortion). This group leverages the reputation of the well-known ShinyHunters extortion group to intimidate victims. The cluster is financially motivated and has demonstrated a growing sophistication in its social engineering tactics and technical tooling.
Other Compromises & Targets:
This campaign has impacted numerous high-profile organizations across various sectors. Besides Google, other publicly confirmed victims of this campaign include:
* Cisco
* Chanel
* AdidasThe targeting appears to be opportunistic, focusing on multinational corporations that are heavy users of Salesforce CRM. There has been an initial focus on English-speaking employees.
Techniques & TTPs:
Beyond the core vishing-to-malicious-app-authorization chain, other observed Tactics, Techniques, and Procedures (TTPs) include:
* Credential Targeting: In some cases, the actors have targeted Okta credentials, likely obtained through prior infostealer malware infections or separate phishing campaigns.
* Lateral Movement: Using compromised credentials, the actors have been observed moving laterally within victim networks to access and exfiltrate data from other systems, including Microsoft 365.
* Reconnaissance: The group conducts thorough reconnaissance to craft convincing narratives, identifying internal application names and IT support procedures to make their vishing calls more credible.Timeline:
* June 4, 2025: Google's Threat Intelligence Group (GTIG) first publishes a warning about the rise in vishing and extortion activity targeting Salesforce customers, designating the threat actor as UNC6040.
* June 2025: Google becomes a victim of the same campaign, with one of its own corporate Salesforce instances being breached. The compromised data was related to small and medium-sized business contacts.
* July 24, 2025: Cisco identifies a similar breach of its CRM system resulting from a vishing attack.
* Early August 2025: Google, Cisco, and other victims publicly disclose the breaches. Google updates its original blog post to include the fact that it was also a victim. Extortion demands from UNC6240/ShinyHunters follow these disclosures.#CyberSecurity #ThreatIntelligence #ShinyHunters #DataExtortion #SalesforceSecurity #Vishing #ThirdPartyRisk #ThreatModeling #IncidentResponse #UNC6040 #UNC6240 #Ransomware #Salesforce #InformationSecurity #Infosec #Cybersec #ThreatIntel
#Cisco #Google #CyberAttack -
Google Confirms Salesforce Data Breach by ShinyHunters via Vishing Scam https://hackread.com/google-salesforce-data-breach-shinyhunters-vishing-scam/ #SocialEngineering #Cybersecurity #CyberAttacks #ShinyHunters #CyberAttack #databreach #Salesforce #Security #UNC6040 #Vishing #Google
-
Google Confirms Salesforce Data Breach by ShinyHunters via Vishing Scam – Source:hackread.com https://ciso2ciso.com/google-confirms-salesforce-data-breach-by-shinyhunters-via-vishing-scam-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #SocialEngineering #cybersecurity #CyberAttacks #ShinyHunters #CyberAttack #DataBreach #Salesforce #Hackread #security #UNC6040 #Vishing #Google
-
Google confirms ShinyHunters (UNC6040) breached its internal Salesforce database via a vishing scam, affecting SMB customer data.
Read: https://hackread.com/google-salesforce-data-breach-shinyhunters-vishing-scam/
#CyberSecurity #ShinyHunters #UNC6040 #Salesforce #DataBreach #Google
-
Google and Cisco, have disclosed separate data breaches stemming from voice phishing (vishing) attacks that compromised customer information stored in cloud-based CRM systems.
#salesforce #cisco #google #shinyhunters #infosec #cybersecurity #technews #UNC6040
-
Google Confirms Salesforce Database Breach by ShinyHunters Group https://thecyberexpress.com/google-salesforce-breach-by-unc6040-group/ #TheCyberExpressNews #socialengineering #TheCyberExpress #DataBreachNews #FirewallDaily #ShinyHunters #Salesforce #CyberNews #UNC6040 #GTIG
-
Hackers Using Fake IT Support Calls to Breach Corporate Systems, Google https://hackread.com/hackers-fake-it-support-calls-breach-systems-google/ #ScamsandFraud #Cybersecurity #Vulnerability #CyberAttack #CyberCrime #Salesforce #UNC6040 #Google #Fraud
-
Hackers Using Fake IT Support Calls to Breach Corporate Systems, Google – Source:hackread.com https://ciso2ciso.com/hackers-using-fake-it-support-calls-to-breach-corporate-systems-google-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #ScamsandFraud #Vulnerability #CyberAttack #CyberCrime #Salesforce #Hackread #UNC6040 #Google #Fraud