Hackers are using a modified Salesforce app to trick employees and extort companies, Google says
Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google said on Wednesday.
The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have 'proven particularly effective at tricking employees' into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain 'significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,' the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as 'The Com,' known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson told Reuters that roughly 20 organizations have been affected by the UNC6040 campaign, which has been observed over the past several months. A subset of those organizations had data successfully exfiltrated, the spokesperson said.
A Salesforce spokesperson told Reuters in an email that 'there's no indication the issue described stems from any vulnerability inherent in our platform.' The spokesperson said the voice calls used to trick employees 'are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices.'
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was 'aware of only a small subset of affected customers,' and said it was 'not a widespread issue.'
Salesforce warned customers of voice phishing, or 'vishing,' attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
23 minutes ago
- Yahoo
White House aide calls Los Angeles anti-ICE protests an 'insurrection'
WASHINGTON (Reuters) - Senior White House aide Stephen Miller on Saturday condemned protests in downtown Los Angeles against federal immigration raids as an "insurrection" against the United States. Helmeted police in riot gear engaged in a tense confrontation with protesters on Friday night after Immigration and Customs Enforcement (ICE) agents conducted enforcement operations in the city and arrested at least 44 people on immigration violations. "An insurrection against the laws and sovereignty of the United States," Miller, the White House deputy chief of staff, wrote on X. Miller, an immigration hardliner, was responding to video footage on X showing a large number of people protesting in downtown Los Angeles. The Los Angeles Police Department (LAPD) said it had not made any arrests related to the demonstration. FBI deputy director Dan Bongino posted on X that they were reviewing evidence from the protests. "We are working with the U.S. Attorney's Office to ensure the perpetrators are brought to justice," Bongino said. "The Right to assemble and protest does not include a license to attack law enforcement officers, or to impede and obstruct our lawful immigration operations." President Donald Trump has pledged to deport record numbers of people in the country illegally and lock down the U.S.-Mexico border, with the White House setting a goal for ICE to arrest at least 3,000 migrants per day. But the sweeping immigration crackdown has also included people legally residing in the country, including some with permanent residence, and has led to legal challenges. Television news footage earlier on Friday showed caravans of unmarked military-style vehicles and vans loaded with uniformed federal agents streaming through Los Angeles streets as part of the immigration enforcement operation. "Forty-four people (were arrested) on immigration charges," Yasmeen Pitts O'Keefe, a spokesperson for Homeland Security Investigations told Reuters on Saturday. The LAPD did not take part in the immigration enforcement. It was deployed to quell civil unrest after crowds protesting the deportation raids spray-painted anti-ICE slogans on the walls of a federal court building and gathered outside a nearby jail where some of the detainees were reportedly being held. Los Angeles Mayor Karen Bass in a statement condemned the immigration raids. "I am deeply angered by what has taken place," Bass said. "These tactics sow terror in our communities and disrupt basic principles of safety in our city. We will not stand for this." (Reporting By Lucia Mutikani; editing by Diane Craft)
Android Authority
an hour ago
- Android Authority
YouTube is warning some Premium Lite subscribers about more ads next month, but don't worry
Joe Maring / Android Authority TL;DR YouTube Premium Lite offers a budget-priced paid subscription that removes most ads from YouTube. Exceptions have included things like music videos, and in some markets Google has warned that Shorts may show ads, as well. The company is now sending out notices to more subscribers warning them that ads in Shorts will start appearing at the end of June. YouTube Premium is well worth paying for, giving users ad-free access to maybe the broadest library of content in streaming history. But especially if you get your music fix from another provider (like paying for Spotify Premium), it doesn't make a ton of sense to be paying full price for YouTube Premium and not taking advantage of its YouTube Music access. That's exactly why we were so happy to see Google introduce YouTube Premium Lite, which just focuses on removing (most) ads without worrying about any extras — and does so for a fraction of the price. While Premium Lite removes the vast majority of ads from normal videos, we've known that Google has carved out a series of exceptions. Those consist of 'music content, Shorts, and when you search or browse.' So far, at least in our experience, those have proved to be minimal, and we've found Premium Lite to offer a very reasonable compromise to paying full price. That said, the situation is now changing a bit, and not for the better — at least for Premium Lite subscribers in some regions. Google has recently been sending out emails to Premium Lite users in Germany, according to Deskmodder (via 9to5Google). These advise subscribers that ads in YouTube Shorts will start appearing as of June 30. We've also uncovered TWiT Community user big_D sharing the same message (this time in English). Curious why Google would be sending out notifications about ads we already knew about, and wondering why these messages didn't seem to be targeted at Premium Lite users in all nations, we reached out to Google in the hopes of getting some clarification. And it turns out that there's a simple explanation for all of this. You may recall that when we first began hearing about Premium Lite in testing last fall, it wasn't yet available in the US, instead getting started in Australia, Germany, and Thailand. And it turns out, as Google was still getting its plans for the service together, it hadn't told subscribers in Germany and Thailand that they'd be seeing ads in Shorts. By the time access expanded to the US, ads in Shorts were on the table from the beginning, but Google is only going back now and notifying customers in Germany and Thailand that they're getting them, too. So that's what going on with these emails: Most Premium Lite subscribers already knew about ads for Shorts, and now YouTube's telling the rest of you. Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.
Yahoo
an hour ago
- Yahoo
Operation Spider's Web: Germany estimates that Ukraine damaged 10% of Russian strategic aircraft
Ukraine's drone attack on Russian airfields on 1 June probably damaged about 10% of Russia's strategic bomber fleet, German Major General Christian Freuding has said. Source: Freuding in a podcast, as reported by European Pravda, citing Reuters Quote: "According to our assessment, more than a dozen aircraft were damaged, TU-95 and TU-22 strategic bombers as well as A-50 surveillance planes." Details: According to the general, who coordinates Berlin's military assistance to Kyiv and works closely with the Ukrainian Defence Ministry, the A-50s, which have a similar function to NATO's AWACS aircraft in providing air surveillance, were probably not in working order. "We believe that they can no longer be used for spare parts. This is a loss, as only a handful of these aircraft exist," he said. "As for the long-range bomber fleet, 10% of it has been damaged in the attack according to our assessment," Freuding added. The United States estimates that the daring Ukrainian drone attack hit up to 20 Russian warplanes, destroying about 10 of them, two US officials told Reuters. Experts say it will take Moscow years to replace the affected aircraft. Despite the losses, Freuding sees no immediate reduction in Russian strikes on Ukraine, noting that Moscow still retains 90% of its strategic bombers, which can launch ballistic and cruise missiles in addition to dropping bombs. "But there is, of course, an indirect effect as the remaining planes will need to fly more sorties, meaning they will be worn out faster, and, most importantly, there is a huge psychological impact," he said. Freuding said that Russia felt secure in its vast territory, which also explains why the aircraft were not well protected. "After this successful operation, this no longer holds true. Russia will need to ramp up the security measures," the general said. Background: On 1 June 2025, the Security Service of Ukraine (SSU) carried out a special operation codenamed Pavutyna ("Spider's Web"), hitting Russian strategic jets at four airfields. SSU head Vasyl Maliuk stated that 34% of strategic cruise missile carriers at Russia's main airfields had been destroyed. The SSU said the estimated cost of the equipment destroyed as a result of Operation Spider's Web is over US$7 billion. A senior NATO official called the operation the most successful one yet. The Alliance estimated that at least 40 aircraft were damaged. Between 10 and 13 aircraft were completely destroyed. Ukrainian President Volodymyr Zelenskyy has emphasised that the security services used exclusively Ukrainian weapons in this operation and did not use equipment from allied warehouses. Support Ukrainska Pravda on Patreon!
