Hackers abuse modified Salesforce app to steal data, extort companies, Google says
FILE PHOTO: The company logo for Salesforce.com is displayed on the Salesforce Tower in New York City, U.S., March 7, 2019. REUTERS/Brendan McDermid/File Photo
(Reuters) -Hackers are tricking employees at companiesin Europe and the Americasinto installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google said on Wednesday.
The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have 'proven particularly effective at tricking employees' into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain 'significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,' the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as 'The Com,' known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson did not share additional details about how many companies have been targeted as part of the campaign, which has been observed over the past several months.
A Salesforce spokesperson told Reuters in an email that 'there's no indication the issue described stems from any vulnerability inherent in our platform.' The spokesperson said the voice calls used to trick employees 'are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices.'
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was "aware of only a small subset of affected customers," and said it was "not a widespread issue."
Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
(Reporting by AJ Vicens in Detroit; Editing by Leslie Adler)
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Star
2 hours ago
- The Star
French rabbi tells of two attacks in one week as hate crimes rise
PARIS (Reuters) - A French rabbi was attacked on Friday for the second time in a week, he told Reuters, reflecting a broad rise in hate crimes across France that has included high-profile anti-Semitic assaults. Elie Lemmel said he was sitting at a cafe in the Paris suburb of Neuilly-sur-Seine on Friday when he was hit in the head by a chair. "I found myself on the ground, I immediately felt blood flowing," he said. He was stunned and unsure what exactly had happened, he said, initially thinking something must have fallen from a window or roof, before it occurred to him he had been attacked. "Unfortunately, given my beard and my kippah, I suspected that was probably why, and it's such a shame," he said. Friday's incident follows another in the town of Deauville in Normandy last week, when Lemmel said he was punched in the stomach by an unknown assailant. Lemmel said he was used to "not-so-friendly looks, some unpleasant words, people passing by, spitting on the ground," but had never been physically assaulted before the two attacks. The prosecutor's office in Nanterre said it had opened an investigation into the Neuilly attack for aggravated violence and that a person was being held for questioning. It said it could not provide further details. "This act sickens us," former Prime Minister Gabriel Attal wrote on X regarding Friday's incident involving Lemmel. "Antisemitism, like all forms of hatred, is a deadly poison for our society." Last week, five Jewish institutions were sprayed with green paint in Paris. "I condemn in the strongest possible terms the anti-Semitic attack that targeted a rabbi in Neuilly today. Attacking a person because of their faith is a shame. The increase in anti-religious acts requires the mobilization of everyone," Interior Minister Bruno Retailleau said in a post on X. France has seen a rise in hate crimes. Last year, police recorded an 11% rise in racist, xenophobic or antireligious crimes, according to official data published in March. The figures did not include a breakdown by attacks on different religions. (Reporting by Gabriel Stargardter, Antony Paone, Dominique Vidalon; Editing by Hugh Lawson)
The Star
3 hours ago
- The Star
Stablecoin firm Circle scales record high after blockbuster NYSE listing
Jeremy Allaire, CEO and co-founder of Circle Internet Group, the issuer of one of the world's biggest stablecoins, reacts to the price of first trade, on the day of the company's IPO, at the New York Stock Exchange (NYSE), in New York City, U.S., June 5, 2025. REUTERS/Brendan McDermid/File Photo (Reuters) -Stablecoin issuer Circle Internet's shares climbed 41% to hit a record high on Friday, extending a stellar run after a blowout market debut on the New York Stock Exchange a day earlier. The New York-based company's stock touched as much as $117.45, more than triple its offer price of $31 and valuing the company at $30.5 billion on a fully diluted basis. The blockbuster listing also reinforced expectations that the IPO market was regaining its momentum after being stifled by tariff-driven volatility. "This is big enough that it extends beyond crypto," said Matt Kennedy, senior strategist at Renaissance Capital, a provider of IPO-focused research and ETFs. Wall Street executives also struck an optimistic tone on Thursday at an industry conference, emphasizing that markets were ready for the right companies. NYSE President Lynn Martin said Circle's IPO was a bellwether for the IPO market this year and not just for crypto listings. Investors are also realizing that the uncertain environment is going to be relatively persistent and focusing on putting their dollars at work, Nasdaq CEO Adena Friedman said. "This is the latest sign of building momentum in the IPO market. We'll likely continue to see moderate activity over the next month, but there is still some tariff uncertainty on the horizon, which is why we're expecting more of a full IPO rebound in the fall," Kennedy said. Digital banking startup Chime is poised to go public in New York next week. Sixth Street-backed cancer diagnostic firm Caris Life Sciences, private equity-backed debt buyer Jefferson Capital and Florida-based Slide Insurance have also joined the IPO pipeline in recent weeks. (Reporting by Arasu Kannagi Basil in Bengaluru; Editing by Sriraj Kalluvila)
The Star
3 hours ago
- The Star
X plays up blue checkmark disclaimer to stave off possible EU fine, source says
The new logo of Twitter is seen in this illustration taken, July 24, 2023. REUTERS/Dado Ruvic/Illustration/File Photo BRUSSELS (Reuters) -Elon Musk's social media company X has highlighted a disclaimer to its blue checkmark in an attempt to head off a possible hefty fine from EU antitrust regulators, a person familiar with the matter said. The European Commission in July last year charged X with deceiving users, saying that the blue checkmark does not correspond to industry practices and that anyone can pay to get a "verified" status. The blue checkmark had previously indicated that an account belonged to a public figure whose identity was verified but Musk changed it to indicate it belonged to a paid subscriber after acquiring X in 2022. X has not admitted wrongdoing and the prominent display of the blue checkmark disclaimer is not part of any settlement proposal with the EU tech enforcer, the person said. The prominent display started a week ago. The Commission said it took note of X's announcement. "Our investigation related to the blue checkmark is ongoing," a spokesperson said. X did not immediately respond to an emailed request for comment. The EU probe is under the Digital Services Act which requires large online platforms to do more to tackle illegal and harmful content or risk fines as much as 6% of their global annual revenue. Bloomberg was the first to report on the blue checkmark disclaimer. (Reporting by Foo Yun Chee; editing by David Evans)
