Latest news with #UNC6040


Forbes
3 days ago
- Forbes
Confirmed: Google Has Been Hacked — User Data Compromised
Update, August 8, 2025: This story, originally published on August 7, has been updated with additional information from cybersecurity experts regarding the confirmed hacking of Google that has exposed user data.

The Google Threat Intelligence Group has officially confirmed that user data has been stolen following a successful hack attack impacting one of its databases. Here's what we know so far.

Google Has Been Hacked — Data Has Been Compromised

This is not a warning that the Google Chrome web browser is in need of an urgent security update, or a story about switching from passwords to passkeys to protect your Google account. No, this is exactly what the headline says: Google has been hacked. Source? That would be Google itself. An August 5 posting by the Google Threat Intelligence Group has confirmed that one of the corporate databases was impacted by hackers thought to be associated with the ShinyHunters ransomware group, more formally known as UNC6040.

'Google responded to the activity, performed an impact analysis and began mitigations,' the GTIG posting stated, adding the database in question was a Salesforce instance 'used to store contact information and related notes for small and medium businesses.'

'The speed at which organisations are falling victim to cyber attacks targeting Salesforce instances is nothing short of alarming,' Robin Brattel, CEO at Lab 1, said. 'We need to be honest: malicious campaigns are being scaled quicker than ever as hackers are using information that's already been made public, often from past data breaches, to target organisations.'

Customer data was, Google said, 'retrieved by the threat actor,' in the short period of time that the attack window remained open. Although Google has not gone into great detail regarding the attack as of yet, it did confirm that the stolen data consisted of 'basic and largely publicly available business information, such as business names and contact details.'
I reached out to Google for a statement and a spokesperson told me that the 'details that we're able to share at this time can all be found in our blog update,' adding that this includes additional information regarding the ShinyHunters-associated UNC6040 threat group, which 'provides the security community with actionable intelligence on this actor.'

Google also stated that ShinyHunters commonly uses an attack tactic of extorting victims using emails or telephone calls demanding bitcoin ransom payments within 72 hours of compromise. It has not, however, confirmed or denied that this was the case here. Google did confirm that the attack itself occurred in June.

What Cybersecurity Experts Have To Say About The Hacking of Google

'The news that Google has suffered a data breach in the recent wave of attacks executed by ShinyHunters highlights that no organisation is immune to cybercrime,' William Wright, CEO of Closed Door Security, said, adding: 'It doesn't matter if you are a small business or one of the world's leading technology firms, all organizations are vulnerable.'

While Google's update provides an overview of how these attacks unfolded, Wright continued, 'it does not state whether the impacted organisations have been informed, or, if they have been informed, when they were informed.' Which means that the cybercriminals involved, ShinyHunters or not, could have had this information for two months to do with as they saw fit.

'Google has long been one of the leading companies in the world when it comes to cybersecurity,' Jamie Akhtar, CEO of CyberSmart, said, concluding that 'if it can happen to one of the wealthiest and best-defended companies in the world, it can happen to anyone.'


Mint
4 days ago
- Business
- Mint
Google confirms data breach after cyberattack on Salesforce database: What's leaked
Google has confirmed that one of its Salesforce systems used for storing small and medium business contact data was briefly compromised by a cybercriminal group known as UNC6040, which uses voice phishing, or 'vishing', to trick employees into handing over access to sensitive tools.

The attackers used a social engineering technique where they impersonated IT support staff during phone calls, convincing employees to authorise malicious software connected to their Salesforce environment. This allowed the group to access and extract basic business contact details, most of which, Google says, were already publicly available, before the breach was detected and stopped.

Notably, the group behind the attack, UNC6040, is known for targeting Salesforce platforms by abusing tools like the 'Data Loader' app, a legitimate application that allows bulk data handling. In many cases, the hackers use fake versions of this app with misleading names, such as 'My Ticket Portal,' to avoid detection during the phishing calls.

In an evolving trend, the group has shifted from using official Salesforce tools to custom-made Python scripts for data theft, making it harder to trace their activity. They also reportedly use VPNs and the dark web network TOR to hide their identity and location.

Another linked group, UNC6240, has followed up on these data thefts with extortion attempts, often contacting company employees by email or phone, demanding bitcoin payments within 72 hours. These messages claim to be from the hacking group 'ShinyHunters,' a name familiar in the cybercrime world. Google's threat intelligence unit believes the extortion group may soon launch a website to publicly leak stolen data, a common pressure tactic among cybercriminals.

The broader concern is that these attacks do not exploit flaws in Salesforce itself but rather human error, tricking employees into allowing access through seemingly routine IT support calls.
Companies are being urged to tighten access controls, restrict permissions to sensitive tools, limit app installations, and train staff to recognise social engineering scams.


Time of India
4 days ago
- Business
- Time of India
Google admits ShinyHunters steal data in Salesforce hack: 'The data retrieved by the threat actor was...'
Google has confirmed that a cyber criminal group broke into its Salesforce database. The tech giant said that the hacking group popularly known as ShinyHunters, formally designated as UNC6040, is behind the breach. The company's Threat Intelligence Group published a blog post saying 'In June, one of Google's corporate Salesforce instances was impacted by similar UNC6040 activity'. However, it did not reveal the number of customers affected by the hack.

'Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details,' the company said.

How ShinyHunters hacked Google's Salesforce database

The blog post said that Google Threat Intelligence Group (GTIG) has observed an evolution in UNC6040's TTPs. While the group initially relied on the Salesforce Dataloader application, they have since shifted to using custom applications. These custom applications are typically Python scripts that perform a similar function to the Dataloader app.

As explained in the post, the updated attack chain involves a voice call to enroll a victim, which the threat actor initiates while using Mullvad VPN IPs or TOR. Following this initial engagement, the data collection is automated and carried out through TOR IPs, a change that further complicates attribution and tracking efforts. GTIG observed that the threat actor shifted from creating Salesforce trial accounts using webmail emails to using compromised accounts from unrelated organizations to initially register their malicious applications.


Zawya
4 days ago
- Business
- Zawya
Vishing awareness now live in Kaspersky ASAP portfolio
Dubai, United Arab Emirates – Kaspersky has introduced a new module on vishing (voice phishing) to its ASAP (Automated Security Awareness Platform), continuing its mission to build practical cyber-hygiene skills among employees across industries. The latest update addresses one of the most manipulative and growing types of social engineering, and teaches users how to recognize and respond to voice-based scams.

Vishing has become a major vector for corporate fraud. For example, AIB saw a 79% year-on-year increase in vishing attacks in early 2025, including a case where a business customer nearly lost €41,000 during a scam call. Additionally, in a notable case disclosed by Google and labeled UNC6040, attackers targeted Salesforce users at around 20 organizations via voice phishing, tricking employees into installing a fake app giving full access to corporate data.

Vishing is the fraudulent practice of convincing individuals to reveal personal information and bank details over the phone. The fraudulent scheme might start with an unusual e-mail, and while regular phishing emails ask the victim to follow a link, vishing emails ask that they urgently call the number provided in the email.

Kaspersky experts emphasize that this method is used by cybercriminals because when people look at a phishing site, they have the time to think about their actions or notice signs that the page is not legitimate. But when victims talk on the phone, they are usually distracted and find it more difficult to focus. Under these circumstances, attackers do everything they can to further throw people off balance: rushing them, intimidating them and demanding that they urgently provide the needed information that helps them to steal money.

The new module within Kaspersky Automated Security Awareness Platform provides real-world case studies, interactive lessons, and practical scenarios to help users identify red flags and adopt safer communication habits. Alongside this release, Kaspersky ASAP now supports over 30 languages across all user interfaces and training materials, making cybersecurity awareness more accessible to global teams.

'As social engineering evolves, so must the way we educate people about it. Vishing is no longer just a threat to individuals – it's increasingly being used to target organizations, leading to financial losses, data leaks, and reputational damage. Our new vishing module equips users with the knowledge to defend themselves against voice-based deception – a threat that is becoming increasingly sophisticated and personal. We help companies prepare their employees to recognize and resist this type of attack. Since vishing is often a gateway to more serious breaches, it's vital to build awareness across a wide range of related topics,' said Tatyana Shumaylova, Senior Product Marketing Manager at Kaspersky Security Awareness.

To learn more about Kaspersky ASAP, please follow the link.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and over 200,000 corporate clients protect what matters most to them. Learn more at


Forbes
5 days ago
- Forbes
Google Confirms It Has Been Hacked — User Data Stolen
The Google Threat Intelligence Group has officially confirmed that user data has been stolen following a successful hack attack impacting one of its databases. Here's what we know so far.

Google Has Been Hacked — Data Has Been Compromised

This is not a warning that the Google Chrome web browser is in need of an urgent security update, or a story about switching from passwords to passkeys to protect your Google account. No, this is exactly what the headline says: Google has been hacked. Source? That would be Google itself. An August 5 posting by the Google Threat Intelligence Group has confirmed that one of the corporate databases was impacted by hackers thought to be associated with the ShinyHunters ransomware group, more formally known as UNC6040.

'Google responded to the activity, performed an impact analysis and began mitigations,' the GTIG posting stated, adding the database in question was a Salesforce instance 'used to store contact information and related notes for small and medium businesses.'

Customer data was, Google said, 'retrieved by the threat actor,' in the short period of time that the attack window remained open. Although Google has not gone into great detail regarding the attack as of yet, it did confirm that the stolen data consisted of 'basic and largely publicly available business information, such as business names and contact details.'

I have reached out to Google for a statement. Google has stated that ShinyHunters commonly uses an attack tactic of extorting victims using emails or telephone calls demanding bitcoin ransom payments within 72 hours of compromise. It has not, however, confirmed or denied that this was the case here. Google did confirm that the attack itself occurred in June.

This is a developing story, and I will update it if more information from Google is forthcoming.