Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App
Briefly

Google has revealed a threat group known as UNC6040, which conducts sophisticated vishing campaigns aimed at breaching organizations' Salesforce systems. The group relies on social engineering, impersonating IT support to obtain sensitive information from unsuspecting employees. A notable tactic involves using a modified version of Salesforce's Data Loader to gain unauthorized access to data. Through these activities, UNC6040 not only steals sensitive information but also extends its access into other applications, potentially compromising additional systems like Okta and Microsoft 365 and amplifying the impact of its operations.
Google's threat intelligence team disclosed details about UNC6040, a financially motivated threat group specializing in voice phishing to breach Salesforce instances for data theft.
In recent months, UNC6040 has succeeded in breaching networks by impersonating IT support in social engineering calls, tricking employees into sharing credentials.
The attackers use a modified version of Salesforce's Data Loader app, misrepresenting it to gain authorization and access victim organizations’ Salesforce environments.
These attacks not only lead to data theft but also allow UNC6040 to move laterally across networks, targeting platforms like Okta and Microsoft 365.
Read at The Hacker News