Hackers abuse modified Salesforce app to steal data, extort companies, Google says

Reuters
06/04

By AJ Vicens

June 4 (Reuters) - Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google said on Wednesday.

The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have “proven particularly effective at tricking employees” into installing a modified version of Salesforce’s Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.

The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.

If the employee installs the app, the hackers gain “significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,” the researchers said.

The access also frequently gives the hackers the ability to move throughout a customer’s network, enabling attacks on other cloud services and internal corporate networks.

Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as “The Com,” known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.

A Google spokesperson did not share additional details about how many companies have been targeted as part of the campaign, which has been observed over the past several months.

A Salesforce spokesperson told Reuters in an email that “there’s no indication the issue described stems from any vulnerability inherent in our platform.” The spokesperson said the voice calls used to trick employees “are targeted social engineering scams designed to exploit gaps in individual users’ cybersecurity awareness and best practices.”

The spokesperson declined to share the specific number of affected customers, but said that Salesforce was "aware of only a small subset of affected customers," and said it was "not a widespread issue."

Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.

(Reporting by AJ Vicens in Detroit; Editing by Leslie Adler)
