Hackers abuse modified Salesforce app to steal data, extort companies, Google says
By AJ Vicens
Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies,
Google
said on Wednesday.
The hackers - tracked by the Google Threat Intelligence Group as UNC6040 - have "proven particularly effective at tricking employees" into installing a modified version of
Salesforce
's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain "significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments," the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as "The Com," known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson did not share additional details about how many companies have been targeted as part of the campaign, which has been observed over the past several months.
A Salesforce spokesperson told Reuters in an email that "there's no indication the issue described stems from any vulnerability inherent in our platform." The spokesperson said the voice calls used to trick employees "are targeted social engineering scams designed to exploit gaps in individual users'
cybersecurity awareness
and best practices."
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was "aware of only a small subset of affected customers," and said it was "not a widespread issue."
Salesforce warned customers of
voice phishing
, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Indian Express
21 minutes ago
- Indian Express
US issues new Iran-related sanctions, Treasury website shows
The United States has issued a new round of Iran-related sanctions targeting 10 individuals and 27 entities, according to a post on the US Department of Treasury website on Friday. The sanctions, which also target some entities in the United Arab Emirates and Hong Kong, come as US President Donald Trump's administration is working to get a new nuclear deal with Tehran.
Mint
an hour ago
- Mint
UK watchdog pushes Amazon to rein in misleading product ratings: Know what happened
Amazon has pledged to step up its efforts in tackling fake reviews after reaching an agreement with the UK's competition watchdog, the Competition and Markets Authority (CMA). The commitment follows a CMA investigation launched in 2021 to scrutinise whether major online platforms like Amazon and Google were adequately protecting consumers from misleading online ratings. The probe was prompted by the sharp rise in online shopping during the COVID-19 pandemic, which exposed widespread manipulation of product reviews. You may be interested in Under the agreement, Amazon has vowed to enhance its systems aimed at detecting and removing fake reviews. This includes clamping down on a practice known as "catalogue abuse", where sellers artificially boost the reputation of a product by linking it to positive reviews meant for entirely different items. The CMA highlighted a common example of this tactic: shoppers may see a pair of headphones with an impressive five-star rating, only to discover that the reviews actually refer to a mobile phone charger. Amazon will now take stronger action against those engaging in such deceptive practices, including banning businesses from selling on its platform and prohibiting users who repeatedly post fake reviews. Sarah Cardell, Chief Executive of the CMA, emphasised the significance of trustworthy reviews. 'Millions of people shop on Amazon, and star ratings and reviews play a crucial role in what they choose to buy. These undertakings mean shoppers can be more confident that what they see is genuine and that those trying to mislead them will face serious consequences,' she said. This move builds on a similar undertaking secured from Google earlier this year, as part of the CMA's wider effort to ensure online platforms take greater responsibility for protecting consumers. In a statement, Amazon reaffirmed its 'zero tolerance' stance on fake reviews and said the new measures complement its current initiatives. 'We invest substantial resources in preventing fake reviews from appearing in our store, including expert investigators and machine learning tools that analyse thousands of data points to detect suspicious activity,' the company stated. The new commitments apply specifically to Amazon's UK website and are intended to align the company more closely with British consumer protection laws.
Mint
2 hours ago
- Mint
How Sundar Pichai responded to 'Google's lost... it's over. You're the wrong guy to lead Google' remark
In a candid exchange during a recent podcast with YouTuber and researcher Lex Fridman, Alphabet CEO Sundar Pichai addressed growing public criticism about Google's perceived loss of momentum in the AI race, saying he remains confident in the company's long-term vision and leadership. Responding to a pointed comment —'Google's lost... it's over. You're the wrong guy to lead Google' — Pichai reflected on the strategic decisions he has made as CEO, emphasising the company's commitment to becoming 'AI-first' and responsibly building artificial general intelligence (AGI). 'Obviously, the main bet as a CEO I made was to make sure the company was approaching everything in an AI-first way,' Pichai said. 'We've made sure we put out products that are useful to people. I had a good sense of what we were building internally even during the turbulence last year.' Pichai highlighted several foundational moves made under his leadership, including the merger of Google Brain and DeepMind into the unified Google DeepMind team, a decision he believes has strengthened the company's AI research capabilities. He also referenced Google's early investment in Tensor Processing Units (TPUs) over a decade ago, which he said has been critical in scaling up and training large AI models like Gemini. In his characteristic calm tone, Pichai described his approach to leadership amid criticism. 'I am good at tuning out the noise and separating signal from noise,' he remarked, drawing an analogy to scuba diving. 'Sometimes, you jump in the ocean and it's choppy. But you go just a foot below, and it's the calmest thing in the universe.' He compared running Google to managing an elite football club like Barcelona or Real Madrid — where one rough season does not negate the strength of the squad or the long-term strategy. 'You watch the signals, and while some good feedback may come from the outside, internally you're making a set of consequential decisions. Many may feel inconsequential at the time, but they add up.' Despite challenges, Pichai believes Google is well-positioned in the AI landscape. 'We had to ramp up the TPUs, train Gemini, and scale our compute. To me, it seemed like the biggest opportunity space of the next decade — bigger than what we've seen before,' he said. 'We're set up better than most companies in the world.' The remarks come at a time when tech giants are fiercely competing for AI dominance, and public perception often shifts quickly based on product rollouts and visible innovation. For Pichai, however, the focus remains steady: 'Just keep things moving. We've set up the right teams, the right leaders, and we have world-class researchers.'
