Google's Threat Intelligence Group has detailed a new phishing scheme targeting businesses that use Salesforce. Cybercriminals impersonate IT staff and instruct employees to install a malicious version of the legitimate Salesforce Data Loader application. This allows the hackers to access sensitive Salesforce records after gaining permission from unsuspecting employees. Once the application is installed, they can exfiltrate confidential data and may further exploit credentials to access additional systems such as Microsoft 365 and Okta. The attack group, known as UNC6040, leverages voice phishing tactics to manipulate employees into compromising their organizations' security.
In a new phishing campaign, hackers posing as IT support deceive employees into downloading a modified Salesforce Data Loader to steal confidential information.
By impersonating support staff, cybercriminals employ voice phishing to gain unauthorized access to Salesforce data and other cloud platforms like Microsoft 365.
Once installed, the malicious version of Data Loader allows hackers to access Salesforce records immediately, leading to significant data breaches.
Attackers not only target Salesforce but can also exploit stolen credentials to infiltrate networks and capture data from various cloud services.