Hackers are using a modified Salesforce app to trick employees and extort companies, Google says
The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have 'proven particularly effective at tricking employees' into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain 'significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,' the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as 'The Com,' known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson told Reuters that roughly 20 organizations have been affected by the UNC6040 campaign, which has been observed over the past several months. A subset of those organizations had data successfully exfiltrated, the spokesperson said.
A Salesforce spokesperson told Reuters in an email that 'there's no indication the issue described stems from any vulnerability inherent in our platform.' The spokesperson said the voice calls used to trick employees 'are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices.'
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was 'aware of only a small subset of affected customers,' and said it was 'not a widespread issue.'
Salesforce warned customers of voice phishing, or 'vishing,' attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
4 minutes ago
- Yahoo
Mega owners ready offer for Liverpool star
One Liverpool attacker could be on the move this summer with two mega owners ready to make an offer. All the focus is on who could be coming into the club right now. The focal point being Alexander Isak and the drama that surrounds him. 🚨2025/26 LFC x adidas range🚨 LFC x adidas Shop the away range TODAY LFC x adidas Shop the home range today! LFC x adidas Shop the goalkeeper range today LFC x adidas Shop the new adidas range today! But it's important to note Liverpool don't have tunnel vision. They are relaxed about their activity in the market so far and about the Isak situation. They're also working on other deals. Marc Guehi is one they could still get done before the transfer deadline. Meanwhile, there are also a number of deals Liverpool could complete for departing players. Among them Harvey Elliott is the most sought after player. However, there is also interest in Kostas Tsimikas. Meanwhile, another Liverpool attacker is wanted on a permanent deal. 🔴 Shop the LFC 2025/26 adidas away range So, there is still a lot of moves that could be happening before the window shuts. In fact, for the first time in a while we could actually be in for a busy deadline day. It remains to be seen. One player who could make a surprise move is Lewis Koumas. It's not necessarily a surprise that he might be on the move. What is a surprise is that he could be moving on permanently from the club. That's according to a report from the Liverpool ECHO who claim that Koumas is attracting permanent interest. The report says that Birmingham City and Wrexham AFC are ready for a transfer tug of war in order to acquire the services of Koumas from Liverpool. Now while Liverpool won't want to lose Koumas on a permanent transfer as he still has a lot of potential, Birmingham's and Wrexham's interest will be intriguing enough for the Reds. Both teams have mega owners with Birmingham propped up by Tom Brady and Wrexham supported by Ryan Reynolds and Rob Mcelhenney. Last season, Birmingham shattered the League One transfer record for Jay Stansfield for £20m. This summer Wrexham spent £10m on Nathan Broadhead and £8m on Callum Doyle from Manchester City. Liverpool will have a price for Koumas and it will be around that figure. The ECHO claims that Liverpool value Koumas at a higher price than Bobby Clark, who joined Red Bull Salzburg for £10m last season. The Reds are very good at selling players on for a profit and if Birmingham or Wrexham come in with an offer for Koumas as the ECHO claim they are preparing to do, it will be difficult to refuse. Especially if it's in excess of £10m, something both team is capable of paying given their financial backing. For that price, Liverpool will be making a very healthy profit on a player who has a lot of potential but who doesn't have a clear pathway into the first team at the moment.
Yahoo
4 minutes ago
- Yahoo
Surprise good news as government borrowing less than half forecast
The government borrowed the least amount of money in three years last month, official figures showed, in a surprise bout of good news for the chancellor. Not since July 2021, in the midst of the COVID-19 pandemic, was state borrowing so low, according to data from the Office for National Statistics (ONS). Increases in tax and national insurance receipts meant public sector net borrowing was £1.1bn in July. That's less than half the figure (£2.6bn) expected by economists polled by the Reuters news agency. But borrowing was still £6bn higher in the first four months of the financial year, which started in April, than the same period in 2024. This breaking news story is being updated and more details will be published shortly. Please refresh the page for the fullest version. You can receive breaking news alerts on a smartphone or tablet via the Sky News app. You can also follow us on WhatsApp and subscribe to our YouTube channel to keep up with the latest news.
Yahoo
4 minutes ago
- Yahoo
Celtic frustrated in forward chase - Thursday's gossip
Celtic have agreed a deal in principle with Royal Antwerp for forward Michel Ange Balikwisha and a medical is arranged - but "internal issues" at the Belgian club are holding up the deal. (Sacha Tavolieri) Rangers are working to get as many as nine players off their books during the remaining period of the summer transfer window. (Daily Record) Manager Jimmy Thelin has refused to rule out a move to bring Scotland forward Kevin Nisbet back to Aberdeen. (Daily Record) Aberdeen chairman Dave Cormack says the club will give the local council the land on which Pittodrie sits to ensure their new beachside stadium is built - and stop the city "sleepwalking into an economic crisis". (Press & Journal) Wednesday's Scottish gossip Thursday's English & European gossip Girona look set to sign Rangers target Alex Moreno, the 32-year-old left-back, from Aston Villa. (Santi Aouna) And centre-back Nobel Mendy has signed for Rayo Vallecano after his move to Rangers collapsed. (The Herald) Steven Gerrard held talks with 49ers Enterprises, who also own Rangers, over the Leeds United job as well as the Liverpool legend being in the mix for the Ibrox job. (Daily Record) Jose Cifuentes is close to sealing an exit from Rangers, with Toronto FC finalising a deal to sign the midfielder. (Tom Bogert)
