The Google Threat Intelligence Group is tracking a financially motivated threat group named UNC6040, which specializes in voice phishing attacks targeting organizations to compromise their Salesforce instances for data theft and extortion. This group has proven adept at social engineering, impersonating IT support to deceive employees into revealing sensitive credentials. CISO Adam Marrè highlights the role of AI in enhancing these attacks, making them more sophisticated and challenging to detect. UNC6040 is believed to be part of a wider group known as The Com, which consists of various financially motivated threat actors known for advanced social engineering tactics.
Adam Marrè, CISO at Arctic Wolf comments, "Last year, we talked about AI's role in mis and disinformation and the likelihood that it would spread beyond just AI-approved phishing messages. We've talked about deepfakes of CEOs and key leadership to exploit an organization financially. A recent cyber trends report even showed that AI is a top cybersecurity concern according to a third of respondents."
We're seeing firsthand how threat actors are leveraging AI to increase the speed, scale, and sophistication of their attacks. The news of threat actor group UNC6040 using vishing, or voice phishing, to impersonate IT workers and ultimately access Salesforce data shows the potential power LLMs could have in elevating phishing attacks, making them harder to detect and easier to fall for.
Collection
[
|
...
]