Hackers abuse modified Salesforce app to steal data, extort companies, Google says
are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google said on Wednesday.
The hackers - tracked by the
Google Threat Intelligence Group
as UNC6040 - have "proven particularly effective at tricking employees" into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into
Salesforce
environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain "significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments," the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Live Events
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as "The Com," known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said. A Google spokesperson told Reuters that roughly 20 organizations have been affected by the UNC6040 campaign, which has been observed over the past several months. A subset of those organizations had data successfully exfiltrated, the spokesperson said.
Discover the stories of your interest
Blockchain
5 Stories
Cyber-safety
7 Stories
Fintech
9 Stories
E-comm
9 Stories
ML
8 Stories
Edtech
6 Stories
A Salesforce spokesperson told Reuters in an email that "there's no indication the issue described stems from any vulnerability inherent in our platform." The spokesperson said the voice calls used to trick employees "are targeted social engineering scams designed to exploit gaps in individual users'
cybersecurity
awareness and best practices."
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was "aware of only a small subset of affected customers," and said it was "not a widespread issue." Salesforce warned customers of
voice phishing
, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Hindustan Times
38 minutes ago
- Hindustan Times
How random chat got Alaskan man a Ural bike from Putin ahead of Russia-US summit
In an interesting twist to last week's high-stakes summit between US President Donald Trump and his Russian counterpart, Vladimir Putin, in Alaska, a local Anchorage man became the proud new owner of a Ural motorcycle. Alaska resident Mark Warren rides his new Ural motorcycle, a gift from Russian President Vladimir Putin.(REUTERS) A Russian embassy official handed the man, identified as Mark Warren, the keys to a brand-new Ural bike in the parking lot of the Anchorage hotel where the Russian delegation was staying. "I have to say that this is a personal gift from the President of the Russian Federation," Andrei Ledenev, the embassy employee, told Warren. Warren, white-haired and bespectacled, looked stunned as he climbed aboard his new ride, with Ledenev behind him and another man wedged into the classic Ural sidecar. The three took the bike for a celebratory spin — all smiles and cameras rolling. "It's night and day," Warren said. "I like my old one, but this one is obviously much better. I'm speechless, it's amazing. Thank you very much," he said. Street chat to surprise Putin The whole episode began by chance after Russian state TV reporters were talking to people of Anchorage ahead of the Putin-Trump talks when they spotted Warren with his old Ural motorcycle, a Soviet-era machine he said he loved but struggled to maintain. Warren told a reporter, Valentin Bogdanov, that he struggled to obtain spare parts for the bike, including a new starter, because the manufacturing plant is "located in Ukraine." "So for you, if they resolve this conflict here in Alaska, I mean Putin and Trump, it will be good?" Bogdanov asks Warren. "Yes, it will be good," the Alaskan man replied. Ural bikes Ural, which is headquartered in Washington State, says that all of its motorcycles are assembled in Kazakhstan. The company pulled all its production out of Russia after the start of the full-scale war in Ukraine. Ural did not immediately reply to a request for comment outside working hours in the US. (with inputs from Reuters)
Hindustan Times
an hour ago
- Hindustan Times
'Ketamine Queen' Jasveen Sangha agrees to plead guilty to supplying fatal drug to Matthew Perry
Jasveen Sangha, known as the "Ketamine Queen" on Monday struck a deal with federal prosecutors and agreed to plead guilty to supplying the drug that killed 'Friends' actor Matthew Perry. 'Ketamine Queen' Jasveen Sangha, allegedly supplied lethal dose to the FRIENDS star. (X) Sangha, who was set to go on trial in September, will plead guilty to a total of five federal charges, news agency Reuters reported, citing a statement from the Department of Justice. This is a developing story. We will update with further information.
Time of India
an hour ago
- Time of India
She studied at a top U.S. university, works as a senior techie at Google, yet H-1B visa jitters shadow her American dream
From Brown University to Big Tech You Might Also Like: US computer science degrees from top universities are leaving graduates jobless: Why is top coding education no longer enough? The Weight of Uncertainty Life Plans on Hold Another Risk in the Process — svembu (@svembu) For many, a degree from an Ivy League university and a career with global tech giants like Facebook and Google might sound like a perfect ticket to stability in the United States. For Indian-born Surbhi Madan, however, the story is more complicated. Despite 12 years in the US and nearly a decade at Google, she says the uncertainty of her H-1B visa status continues to shape her life in unexpected 30-year-old senior software engineer recently shared her story with Business Insider, offering a candid glimpse into the hidden insecurities behind a glittering résumé.Madan moved to the US in 2013 to pursue her bachelor's degree at Brown University, inspired by her elder brother's academic journey. After interning at Google's New York office, she secured a full-time role before graduation in 2017. Her first stroke of luck came when she won the H-1B visa lottery on her initial attempt.'I feel like I got really lucky when I compare it to the situation for recent graduates now,' she told Business career path has since been enviable: a stint with Facebook's feed-ranking team, followed by leadership roles in Google Maps infrastructure and AI integrations. But behind the professional success lies a quieter, more fragile working in the US for over a decade, Madan admits that her life often feels temporary. Everyday decisions—from apartment leases to community volunteering—are filtered through the lens of her visa status.'I refrain from volunteering because it means contacting my immigration lawyer to make sure it's safe,' she explained. Even driving mistakes or tax filing errors, she fears, could jeopardize her stay.A comment by a border officer once drove the point home: when she said she 'lived' in the US, the officer corrected her, saying, 'You don't live here; you work here.' The moment, she said, stayed with constraints of the H-1B system affect not only her career mobility but also her personal milestones. Madan has contemplated freezing her eggs but worried about whether she could access them if she lost her work authorization. 'I can't imagine having a person depend on me while I'm on a temporary status tied to having a job,' she ambitions beyond coding also face roadblocks. With a passion for teaching and mentoring women in tech , Madan has thought about transitioning into education, but her visa does not permit alternative career paths outside her sponsoring many immigrants in similar positions, Surbhi's experience underscores the paradox of the American dream: the country welcomes global talent but ties their future to the unpredictability of a lottery system.'I sit down once a year and ask myself if this is still worth it. So far, the answer has been yes,' Surbhi story adds to the growing debate about whether the US immigration system can keep pace with the realities of the modern workforce—especially when even top tech talent with world-class education faces long-term founder Sridhar Vembu recently highlighted another risk: the financial burden of overseas education. In a post on X, he shared the case of a student who borrowed ₹70 lakh (about $80,000) at a steep 12% interest rate to study at a relatively unknown US university, only to struggle repaying the loan amid poor job prospects. Vembu urged students and families to think twice before taking on such heavy debt, warning that 'we should not trap young people in debt in the name of education.'
