
Hackers are using a modified Salesforce app to trick employees and extort companies, Google says
Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google said on Wednesday.
The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have 'proven particularly effective at tricking employees' into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain 'significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,' the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as 'The Com,' known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson told Reuters that roughly 20 organizations have been affected by the UNC6040 campaign, which has been observed over the past several months. A subset of those organizations had data successfully exfiltrated, the spokesperson said.
A Salesforce spokesperson told Reuters in an email that 'there's no indication the issue described stems from any vulnerability inherent in our platform.' The spokesperson said the voice calls used to trick employees 'are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices.'
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was 'aware of only a small subset of affected customers,' and said it was 'not a widespread issue.'
Salesforce warned customers of voice phishing, or 'vishing,' attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
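One way a defender could triage connected-app approvals for the pattern described above, as an added example that is not from the article, Google or Salesforce: it flags apps that are not on an approved list, and raises the severity when the app's name imitates an approved tool such as Data Loader or when it reads data in bulk. The record fields, client identifiers, allowlist and threshold are constructed assumptions, not a real Salesforce export format.

```python
import re
from difflib import SequenceMatcher

# Assumption: the organization's own allowlist of approved connected apps,
# keyed by client identifier. Identifiers are constructed placeholders.
APPROVED = {"CLIENT-ID-APPROVED-0001": "Data Loader"}

# Constructed sample records. Field names are hypothetical and do not
# mirror a real Salesforce export schema.
SAMPLE = [
    {"user": "alice", "app_name": "Data Loader",
     "client_id": "CLIENT-ID-APPROVED-0001", "rows_read": 1_200},
    {"user": "bob", "app_name": "Data  Loader",
     "client_id": "CLIENT-ID-UNKNOWN-0002", "rows_read": 480_000},
    {"user": "carol", "app_name": "My Ticket Portal",
     "client_id": "CLIENT-ID-UNKNOWN-0003", "rows_read": 50},
]


def normalize(name):
    """Lowercase and drop spacing/punctuation so cosmetic variants compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def resembles(name, approved_name, threshold=0.8):
    """True when a name contains or closely matches an approved app's name."""
    a, b = normalize(name), normalize(approved_name)
    return b in a or SequenceMatcher(None, a, b).ratio() >= threshold


def review(records, approved=APPROVED, bulk_rows=100_000):
    """Return one finding per record whose client id is not on the allowlist."""
    findings = []
    for rec in records:
        if rec["client_id"] in approved:
            continue
        reasons = ["client id not on allowlist"]
        if any(resembles(rec["app_name"], n) for n in approved.values()):
            reasons.append("name imitates an approved app")
        if rec["rows_read"] >= bulk_rows:
            reasons.append("bulk read volume")
        severity = "high" if len(reasons) > 1 else "review"
        findings.append({"user": rec["user"], "app_name": rec["app_name"],
                         "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```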